Chapter 1: About Managing the SG Appliance



Volume 10: Managing the Blue Coat SG Appliance describes how to monitor the SG 
appliance with SNMP (a brief introduction to Director is provided), event logging, or 
health monitoring. It also describes common maintenance and troubleshooting tasks. 

Discussed in this volume:

□ Chapter 2: "Monitoring the SG Appliance"

□ Chapter 3: "Maintaining the SG Appliance"

□ Chapter 4: "Diagnostics"

□ Chapter 5: "Statistics"

□ Appendix A: "Glossary"



Document Conventions 



The following section lists the typographical and Command Line Interface (CLI) syntax 
conventions used in this manual. 

Table 1-1. Document Conventions

Conventions        Definition
Italics            The first use of a new or Blue Coat-proprietary term.
Courier font       Command line text that appears on your administrator workstation.
Courier Italics    A command line variable that is to be substituted with a literal name or
                   value pertaining to the appropriate facet of your network system.
Courier Boldface   A Blue Coat literal to be entered as shown.
{ }                One of the parameters enclosed within the braces must be supplied.
[ ]                An optional parameter or parameters.
|                  Either the parameter before or after the pipe character can or must be
                   selected, but not both.
Chapter 2: Monitoring the SG Appliance



This chapter describes the methods you can use to monitor your SG appliances, 
including event logging, SNMP, and health monitoring. A brief introduction to Director 
is also provided. 

This chapter contains the following sections: 

□ "Using Director to Manage SG Systems"

□ "Monitoring the System and Disks"

□ "Setting Up Event Logging and Notification"

□ "Configuring SNMP"

□ "Configuring Health Monitoring"

Using Director to Manage SG Systems 

Blue Coat Director allows you to manage multiple SG appliances, eliminating the need 
to configure and control the appliances individually. 

Director allows you to configure an SG appliance and then push that configuration out 
to as many appliances as required. Director also allows you to delegate network and 
content control to multiple administrators and distribute user and content policy across 
a Content Delivery Network (CDN). With Director, you can: 

□ Reduce management costs by centrally managing all Blue Coat appliances. 

□ Eliminate the need to manually configure each remote SG appliance. 

□ Recover from system problems with configuration snapshots and recovery. 

Setting up Director and SG Appliance Communication 

Director and the SG appliance use SSHv2 as the default communication mode. SSHv1
and telnet are not supported.

For Director to successfully manage multiple appliances, it must be able to 
communicate with an appliance using SSH/RSA and the Director's public key must be 
configured on each system that Director manages. 

When doing initial setup of the SG appliance from Director, Director connects to the 
device using the authentication method established on the device: SSH with simple 
authentication or SSH/RSA. SSH/RSA is preferred, and must also be set up on 
Director before connecting to the SG appliance. 

Director can create an RSA keypair for an SG appliance to allow connections. However,
for full functionality, Director's public key must be configured on each appliance. You
can configure the key on the system using the following two methods:

□ Use Director to create and push the key. 

□ Use the import-director-client-key CLI command from the SG appliance. 

Using Director to create and push client keys is the recommended method. The CLI 
command is provided for reference. 
Complete the following steps to put Director's public key on the SG appliance using the
CLI of the appliance. You must complete this procedure from the CLI. The Management 
Console is not available. 



Note: For information on creating and pushing a SSH keypair on Director, refer to the 
Blue Coat Director Installation Guide. 



Log in to the SG appliance you want to manage from Director. 

1. From the (config) prompt, enter the ssh-console submode: 

SGOS# (config) ssh-console 
SGOS# (config ssh-console) 

2. Import Director's key that was previously created on Director and copied to the 
clipboard. 

Important: You must add the Director identification at the end of the client key. The 
example shows the username, IP address, and MAC address of Director. "Director" 
(without quotes) must be the username, allowing you access to passwords in clear 
text. 



SGOS# (config services ssh-console) inline director-client-key
Paste client key here, end with "..." (three periods)

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAvJIXtlZausE9qrcXem2IK/mC4dY8Cxxol/
B8th4KvedFY330By0/pvwcuchPZz+blLETTY/zc3SL7jdVffqOOKBN/
ir4zu7L2XT68ML20RWa9tXFedNmKl/iagI3/QZJ8T8zQM6o7WnBzTvMC/
ZElMZZddAE3yPCv9+s2TR/Ipk= director@10.25.36.47-2.00e0.8105.d46b

ok

To view the fingerprint of the key:

SGOS# (config sshd) view director-client-key clientID
jsmith@granite.example.com

83:C0:0D:57:CC:24:36:09:C3:42:B7:86:35:AC:D6:47

To delete a key: 

SGOS# (config sshd) delete director-client-key clientID 

Monitoring the System and Disks 

The System and disks page in the Management Console has the following tabs: 

□ Summary

Provides configuration information and general status information about the device.

□ Tasks

Enables you to perform system tasks, such as restarting the system and clearing the
DNS or object cache. See Chapter 3: "Maintaining the SG Appliance" for information
about these tasks.

□ Environment

Displays hardware sensor statistics.

□ Disks

Displays details about the installed disks and enables you to take them offline.

□ SSL Cards

Displays details about any installed SSL cards.

These statistics are also available in the CLI. 

Note: The SG 400 appliances do not have an Environment tab. 



System Summary 

The device provides a variety of information on its status. The fields on the Summary tab 
are described below: 

□ Disks Installed — the number of disk drives installed in the device. The Disks tab 
displays the status of each drive. 

□ Memory installed — the amount of RAM installed in the device. 

□ CPUs installed — the number of CPUs installed in the device. 

□ Software image — the version and release number of the device image. 

□ Serial number — the serial number of the machine, if available. 

□ System started — the time and date the device was started. 

□ CPU utilization — the current percent utilization of the device CPU. 

To view the system summary statistics: 

Select Maintenance > System and disks > Summary. 



[Screenshot: Summary tab]

Configuration
Disks installed: 1
Memory installed: 512 megabytes
CPUs installed: 1
Software image: SGOS 5.1.3.5, Release id: 27752 Debug
Serial number: 4505060020

General Status
System started: 2006-12-20 20:15:46+00:00UTC
CPU utilization: 1 percent



Viewing System Environment Sensors 

The icons on the Environment tab are green when the related hardware environment is 
within acceptable parameters, and red when an out-of-tolerance condition exists. If an 
icon is red, click View Sensors to view detailed sensor statistics to learn more about the 
out-of-tolerance condition. 



Note: The health monitoring metrics on the Statistics > Health page also show the state 
of environmental sensors. See "Configuring Health Monitoring" on page 22 for more 
information. 
Note: You cannot view environment statistics on an SG 400 appliance.

To view the system environment statistics: 

1. Select Maintenance > System and disks > Environment. 

Note: This tab varies depending on the type of SG appliance that you are using. 






2. Click View Sensors to see detailed sensor values; close the window when you are 
finished. 

Sensor statistics

Sensor Name        Reading   Status
MB Temperature     31.0 C    OK
CPU Temperature    31.0 C    OK


Viewing Disk Status 

You can view the status of each of the disks in the system and take a disk offline if needed. 

To view disk status or take a disk offline: 

1. Select Maintenance > System and disks > Environment. 

The default view provides information about the disk in slot 1.



Note: The name and appearance of this tab differs, depending on the range of disks 
available to the SG appliance model you use. 
[Screenshot: Disks 1-2 tab]

Disk in slot 1
Vendor: SEAGATE
Product: ST340014A
Revision: 8.54
Disk SN: 5JVQ76VS
Capacity: 40.02 gigabytes
Status: PRESENT
Button: Take disk 1 offline



2. Select the disk to view or to take offline by clicking the appropriate disk icon. 

3. (Optional) To take the selected disk offline, click the Take disk x offline button (where x 
is the number of the disk you have selected); click OK in the Take disk offline dialog 
that displays. 




Viewing SSL Accelerator Card Information 

Selecting the Maintenance > System and disks > SSL Cards tab allows you to view 
information about any SSL accelerator cards in the system. If no accelerator cards are 
installed, that information is stated on the pane. 

To view SSL accelerator cards: 



Note: You cannot view statistics about SSL accelerator cards through the CLI. 



Select Maintenance > System and disks > SSL Cards. 
[Screenshot: SSL Cards tab]

SSL Accelerators
No SSL acceleration cards found.
1 errors reported.



Setting Up Event Logging and Notification 

You can configure the SG appliance to log system events as they occur. Event logging 
allows you to specify the types of system events logged, the size of the event log, and to 
configure Syslog monitoring. The appliance can also notify you by e-mail if an event is 
logged. 

Configuring Which Events to Log 

The event level options are listed from the most to least important events. Because each 
event requires some disk space, setting the event logging to log all events fills the event 
log more quickly. 

To set the event logging level: 

1. Select Maintenance > Event Logging > Level. 




When you select an event level, all levels above the selection are included. For 
example, if you select Verbose, all event levels are included. 

3. Click Apply. 

Related CLI Commands for Setting the Event Logging Level 

SGOS# (config event-log) level {severe | configuration | policy | 
informational | verbose} 
Table 2-1. Event Logging Level Options

severe          Writes only severe error messages to the event log.
configuration   Writes severe and configuration change error messages to the event log.
policy          Writes severe, configuration change, and policy event error messages to
                the event log.
informational   Writes severe, configuration change, policy event, and information error
                messages to the event log.
verbose         Writes all error messages to the event log.



Setting Event Log Size 

You can limit the size of the appliance's event log and specify what the appliance should
do if the log size limit is reached.

To set event log size: 

1. Select Maintenance > Event Logging > Size. 



[Screenshot: Size tab]

Event log size
Limit event log to 10 megabytes of disk space

When event log reaches maximum size:
(selected) Overwrite earlier events
(not selected) Stop logging new events

2. In the Event log size field, enter the maximum size of the event log in megabytes. 

3. Select either Overwrite earlier events or Stop logging new events to specify the desired 
behavior when the event log reaches maximum size. 

4. Click Apply. 

Related CLI Commands to Set the Event Log Size 

SGOS# (config event-log) log-size megabytes

SGOS# (config event-log) when-full {overwrite | stop} 

Enabling Event Notification 

The SG appliance can send event notifications to Internet e-mail addresses using SMTP. 
You can also send event notifications directly to Blue Coat for support purposes. For 
information on configuring diagnostic reporting, see Chapter 4: "Diagnostics". 
Note: The SG appliance must know the host name or IP address of your SMTP mail
gateway to mail event messages to the e-mail address(es) you have entered. If you do not 
have access to an SMTP gateway, you can use the Blue Coat default SMTP gateway to 
send event messages directly to Blue Coat. 

The Blue Coat SMTP gateway only sends mail to Blue Coat. It will not forward mail to 
other domains. 



To enable event notifications: 

1. Select Maintenance > Event Logging > Mail. 



[Screenshot: Mail tab, showing the "Mail notifications to" list, the "SMTP gateway IP" field, and the "Clear SMTP gateway settings" option]



2. Click New to add a new e-mail address; click OK in the Add list item dialog that 
appears. 

3. In the SMTP gateway name field, enter the host name of your mail server; or in the 
SMTP gateway IP field, enter the IP address of your mail server. 

4. (Optional) If you want to clear one of the above settings, select the radio button of the 
setting you want to clear. You can clear only one setting at a time. 

5. Click Apply. 

Related CLI Commands to Enable Event Notifications 

SGOS# (config event-log) mail add email_address 

Syslog Event Monitoring 

Syslog is an event-monitoring scheme that is especially popular in UNIX environments. 
Sites that use syslog typically have a log host node, which acts as a sink (repository) for 
several devices on the network. You must have a syslog daemon operating in your 
network to use syslog monitoring. The syslog format is: Date Time Hostname Event. 

Most clients using syslog have multiple devices sending messages to a single syslog 
daemon. This allows viewing a single chronological event log of all of the devices 
assigned to the syslog daemon. An event on one network device might trigger an event on 
other network devices, which, on occasion, can point out faulty equipment. 
To enable syslog monitoring:

1. Select Maintenance > Event Logging > Syslog. 







2. In the Loghost field, enter the domain name or IP address of your loghost server. 

3. Select Enable Syslog. 

4. Click Apply. 

Related CLI Commands to Enable Syslog Monitoring 

SGOS# (config event-log) syslog {disable | enable} 

Viewing Event Log Configuration and Content 

You can view the system event log, either in its entirety or selected portions of it. 

Viewing the Event Log Configuration 

You can view the event log configuration, from show or from view in the event-log 
configuration mode. 

To view the event log configuration: 

At the prompt, enter the following command: 

□ From anywhere in the CLI 

SGOS> show event-log configuration
Settings:
Event level: severe + configuration + policy + informational
Event log size: 10 megabytes
If log reaches maximum size, overwrite earlier events
Syslog loghost: <none>
Syslog notification: disabled
Syslog facility: daemon
Event recipients:
SMTP gateway:
mail.heartbeat.bluecoat.com



-or- 

□ From the (config) prompt: 

SGOS# (config) event-log
SGOS# (config event-log) view configuration
Settings:
Event level: severe + configuration + policy + informational
Event log size: 10 megabytes
If log reaches maximum size, overwrite earlier events
Syslog loghost: <none>
Syslog notification: disabled
Syslog facility: daemon
Event recipients:
SMTP gateway:
mail.heartbeat.bluecoat.com

Viewing the Event Log Contents 

Again, you can view the event log contents from the show command or from the event-log 
configuration mode. 

The syntax for viewing the event log contents is:

SGOS# show event-log

-or-

SGOS# (config event-log) view

[start [YYYY-mm-dd] [HH:MM:SS]] [end [YYYY-mm-dd] [HH:MM:SS]] [regex regex | substring string]

Pressing <Enter> shows the entire event log without filters. 

The order of the filters is unimportant. If start is omitted, the start of the recorded event 
log is used. If end is omitted, the end of the recorded event log is used. 

If the date is omitted in either start or end, it must be omitted in the other one (that is, if 
you supply just times, you must supply just times for both start and end, and all times 
refer to today). The time is interpreted in the current timezone of the appliance. 

Understanding the Time Filter 

The entire event log can be displayed, or either a starting date/time or ending date/time
can be specified. A date/time value is specified using the notation ([YYYY-MM-DD]
[HH:MM:SS]). Parts of this string can be omitted as follows:

□ If the date is omitted, today's date is used.

□ If the time is omitted for the starting time, it is 00:00:00.

□ If the time is omitted for the ending time, it is 23:59:59.

At least one of the date or the time must be provided. The date/time range is inclusive of
events that occur at the start time as well as events that occur at the end time.



Note: If the notation includes a space, such as between the start date and the start time, 
the argument in the CLI should be quoted. 



Understanding the Regex and Substring Filters 

A regular expression can be supplied, and only event log records that match the regular 
expression are considered for display. The regular expression is applied to the text of the 
event log record not including the date and time. It is case-sensitive and not anchored. 
You should quote the regular expression. 

Since regular expressions can be difficult to write properly, you can use a substring filter 
instead to search the text of the event log record, not including the date and time. The 
search is case sensitive. 

Regular expressions use the standard regular expression syntax as defined by policy. If 
both regex and substring are omitted, then all records are assumed to match. 
Example

SGOS# show event-log start "2004-10-22 9:00:00" end "2004-10-22 9:15:00"

2004-10-22 09:00:02+00:00UTC "Snapshot sysinfo_stats has fetched /sysinfo-stats " 0 2D0006:96 ../Snapshot_worker.cpp:183

2004-10-22 09:05:49+00:00UTC "NTP: Periodic query of server ntp.bluecoat.com, system clock is 0 seconds 682 ms fast compared to NTP time. Updated system clock. " 0 90000:1 ../ntp.cpp:631
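The time, regex, and substring filter rules described above can be reproduced offline against an exported event log. The following Python sketch is an added example, not Blue Coat code; it assumes records in the layout shown in the example output, uses Python's re module as a stand-in for the appliance's regular expression syntax, and compares timestamps as printed.

```python
import re
from datetime import date, datetime, time

# Timestamp (date, time, UTC offset) followed by the record text that the filters see.
RECORD_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})[+-]\d{2}:\d{2}UTC (.*)$")

SAMPLE_DAY = date(2004, 10, 22)  # stands in for "today" on the appliance

# Records 2 and 3 are the page's example output; the others are constructed
# for this example to exercise the inclusive range bounds.
SAMPLE_LOG = [
    '2004-10-22 08:59:59+00:00UTC "Constructed event before the window" 0 000000:1 ../constructed.cpp:1',
    '2004-10-22 09:00:02+00:00UTC "Snapshot sysinfo_stats has fetched /sysinfo-stats " 0 2D0006:96 ../Snapshot_worker.cpp:183',
    '2004-10-22 09:05:49+00:00UTC "NTP: Periodic query of server ntp.bluecoat.com, system clock is 0 seconds 682 ms fast compared to NTP time. Updated system clock. " 0 90000:1 ../ntp.cpp:631',
    '2004-10-22 09:15:00+00:00UTC "Constructed event exactly at the end bound" 0 000000:1 ../constructed.cpp:2',
    '2004-10-22 09:15:01+00:00UTC "Constructed event after the window" 0 000000:1 ../constructed.cpp:3',
]


def parse_bound(value, is_end, today):
    """Turn '[YYYY-MM-DD] [HH:MM:SS]' into a datetime using the documented defaults."""
    day = clock = None
    for token in value.split():
        if "-" in token:
            day = date.fromisoformat(token)
        else:
            clock = datetime.strptime(token, "%H:%M:%S").time()
    if day is None and clock is None:
        raise ValueError("at least one of the date or the time must be provided")
    if clock is None:
        # Omitted time: 00:00:00 for the start bound, 23:59:59 for the end bound.
        clock = time(23, 59, 59) if is_end else time(0, 0, 0)
    # Omitted date: today's date is used.
    return datetime.combine(day or today, clock), day is not None


def filter_events(lines, start=None, end=None, regex=None, substring=None, today=None):
    """Return the records selected by the start/end and regex/substring filters."""
    today = today or date.today()
    if regex is not None and substring is not None:
        raise ValueError("regex and substring are alternatives in the command syntax")
    lower = upper = None
    start_has_date = end_has_date = None
    if start is not None:
        lower, start_has_date = parse_bound(start, False, today)
    if end is not None:
        upper, end_has_date = parse_bound(end, True, today)
    if start is not None and end is not None and start_has_date != end_has_date:
        raise ValueError("if the date is omitted in one bound, omit it in the other")
    pattern = re.compile(regex) if regex is not None else None

    selected = []
    for line in lines:
        match = RECORD_RE.match(line)
        if match is None:
            continue  # not an event record
        stamp = datetime.strptime(match.group(1) + " " + match.group(2), "%Y-%m-%d %H:%M:%S")
        text = match.group(3)  # the date and time are excluded from matching
        if lower is not None and stamp < lower:
            continue
        if upper is not None and stamp > upper:  # the end bound is inclusive
            continue
        if pattern is not None and pattern.search(text) is None:  # unanchored, case-sensitive
            continue
        if substring is not None and substring not in text:  # case-sensitive
            continue
        selected.append(line)
    return selected


if __name__ == "__main__":
    for record in filter_events(SAMPLE_LOG, start="2004-10-22 9:00:00", end="2004-10-22 9:15:00"):
        print(record)
```
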

Configuring SNMP 

You can view an SG appliance using a Simple Network Management Protocol (SNMP)
management station. The appliance supports MIB-2 (RFC 1213), Proxy MIB, and the
RFC2594 MIB. The MIBs can be downloaded at the following URL:
https://download.bluecoat.com/release/SGOS5/index.html (the SNMP link is in the lower
right-hand corner).

Enabling SNMP 

To view an SG appliance from an SNMP management station, you must enable and 
configure SNMP support on the appliance. 

To enable and configure SNMP: 

1. Select Maintenance > SNMP > SNMP General. 

[Screenshot: SNMP General tab, showing the General settings panel with the Enable SNMP option and the Reset SNMP settings button]




2. Select Enable SNMP. 

3. (Optional) To reset the SNMP configuration to the defaults, click Reset SNMP settings. 
This erases any trap settings that were set as well as any community strings that had 
been created. You do not need to reboot the system after making configuration 
changes to SNMP. 

4. In the sysLocation field, enter a string that describes the appliance's physical location. 

5. In the sysContact field, enter a string that identifies the person responsible for 
administering the appliance. 

Related CLI Commands to Enable and Configure SNMP 

SGOS# (config snmp) {disable | enable} 

SGOS# (config snmp) sys-contact string
SGOS# (config snmp) sys-location string 
Configuring SNMP Community Strings

Use community strings to restrict access to SNMP data. To read SNMP data on the SG 
appliance, specify a read community string. To write SNMP data to the appliance, specify a 
write community string. To receive traps, specify a trap community string. By default, all 
community string passwords are set to public. 



Note: If you enable SNMP, make sure to change all three community-string passwords to 
values that are difficult to guess. Use a combination of uppercase, lowercase, and numeric 
characters. An easily-guessed community-string password makes it easier to gain 
unauthorized access to the SG appliance and network. 



To set or change community strings: 

1. Select Maintenance > SNMP > Community Strings. 




2. Click the community string button you want to change. 

The Change Read/Write/Trap Community dialog displays.




3. Enter and confirm the community string; click OK. 

4. Click Apply. 

To set or change community strings: 

You can set the community strings in either cleartext or encrypted form. 
To set them in cleartext: 

SGOS# (config) snmp
SGOS# (config snmp) enable
SGOS# (config snmp) read-community password
SGOS# (config snmp) write-community password
SGOS# (config snmp) trap-community password

To set them as encrypted:

SGOS# (config) snmp
SGOS# (config snmp) enable
SGOS# (config snmp) encrypted-read-community encrypted-password
SGOS# (config snmp) encrypted-write-community encrypted-password
SGOS# (config snmp) encrypted-trap-community encrypted-password



Configuring SNMP Traps 

The SG appliance can send SNMP traps to a management station as they occur. By default, 
all system-level traps are sent to the address specified. You can also enable authorization 
traps to send notification of attempts to access the Management Console. Also, if the 
system crashes for whatever reason, a cold start SNMP trap is issued on power up. No 
configuration is required. 



Note: The SNMP trap for CPU utilization is sent only if the CPU continues to stay up for 
32 or more seconds. 



To enable SNMP traps: 



Note: You cannot configure SNMP traps to go out through a particular interface. The 
interface that is configured first is used until it fails and is used to identify the device. 



1. Select Maintenance > SNMP > Traps. 

[Screenshot: Traps tab, showing the Trap destinations panel with the "Send traps to" fields and the Trap types panel with the "Enable authorization traps" option]



2. In the Send traps to fields, enter the IP address(es) of the workstation(s) where traps 
are to be sent. 

3. To receive authorization traps, select Enable authorization traps. 

4. Select Apply to commit the changes to the SG appliance. 

Related CLI Commands for Enabling SNMP Traps 

SGOS# (config snmp) trap-address {1 | 2 | 3} ip_address

Indicates which IP address(es) can receive traps and in which priority.

SGOS# (config snmp) authorize-traps
Configuring Health Monitoring

The health monitoring feature tracks key hardware and software metrics so that you can
quickly discover and diagnose potential problems. Director (and other third-party
network management tools) also use these metrics to remotely display the current state of
the SG appliance. By monitoring these key hardware and software metrics, Director can
display a variety of health-related statistics and trigger notification if action is required.

Starting with SGME 5.1.4, Director no longer uses SNMP traps to determine if the SG
appliance health state has changed. To ensure that the appliance state is accurately
displayed, Director polls all managed devices approximately every minute and uses the
returned system-resource-metrics XML data to update the health monitoring
information. If the state has changed, only the changes are sent to Director. Sending only
the changes reduces the bandwidth load on the network.

Polling can be slower for SG appliances running SGOS releases prior to SGOS 5.1.4,
because the entire system-resource-metrics XML is fetched, not just the changes. To
ensure rapid polling, Blue Coat recommends that you upgrade to SGOS 5.1.4.x or later.



Legend

1. Director queries the ProxySG for health metrics using the CLI.

2. The SG appliance sends its current health status.

Figure 2-1. Health Monitoring Configuration and Notification Process

As shown in the preceding figure, health monitoring metrics can be remotely configured 
and queried from Director. The metrics are also configurable on the SG appliance itself. 

To facilitate prompt corrective action, notification can be configured for threshold 
"events." For example, an administrator can configure a threshold so that an e-mail or 
SNMP trap is generated when the threshold state changes. Additionally, many of the 
threshold levels are configurable so that you can adjust the thresholds to meet your 
specific requirements. 
Health Monitoring Requirements

Before using the health monitoring feature, you must ensure that the e-mail
addresses of all persons that should be notified of health monitoring alerts are listed in the
Event log properties. See "Setting Up Event Logging and Notification" on page 14 for
more information.

About Hardware/Environmental Metrics (Sensors) 

The hardware and environmental metrics are referred to as sensors. Sensor threshold 
values are not configurable and are preset to optimal values. For example, if the CPU 
temperature reaches 55 degrees Celsius, it is considered to have entered the Warning 
threshold. The following table describes the sensor metrics. 



Note: See "Health Monitoring Requirements" on page 23 for information about 
obtaining MIBs. 



Table 2-2. Sensor Health Monitoring Metrics

Metric                   MIB      Threshold States
Disk status              Disk     Critical: Bad
                                  Warning: Not Present, Removed, Offline
                                  OK: Present, Initializing, Inserted, Slot_empty
Temperature              Sensor   High-critical
  Bus temperature                 High-warning
  CPU temperature
Fan                      Sensor   Critical: Low-critical
  CPU Fan                         Warning: Low-warning
Voltage                  Sensor   Critical: Critical, High-critical, Low-critical
  Bus Voltage                     Warning: High-warning, Low-warning
  CPU voltage
  Power Supply voltage
ADN Connection Status             OK: Connected, Connecting, Connection Approved, Disabled,
                                  Not Operational
                                  Warning: Approval Pending, Mismatching Approval Status,
                                  Partially Connected
                                  Critical: Not Connected, Connection Rejected
                                  See Volume 6: Advanced Networking for more information
                                  about the ADN metrics.
ADN Manager Status                OK: No Approvals Pending, Not Applicable
                                  Warning: Approvals Pending


About System Resource Metrics 

The following table lists the system resource metrics. The thresholds for these metrics are 
user-configurable. See "About Health Monitoring Thresholds" on page 25 for information 
about thresholds and alert notification. 

All of the system resource metrics are described in the System-resource MIB. See "Health 
Monitoring Requirements" on page 23 for information about obtaining MIBs. 

All threshold intervals are in seconds (licensing expiration intervals are ignored). 



Table 2-3. System Resource Health Monitoring Metrics

Metric               Units       Threshold/Interval Defaults   Notes
CPU Utilization      Percentage  Critical: 95%/120 seconds     Measures the value of CPU 0 on multi-processor
                                 Warning: 80%/120 seconds      systems, not the average of all CPU activity.
Memory Pressure      Percentage  Critical: 95%/120 seconds     Memory pressure occurs when memory resources
                                 Warning: 90%/120 seconds      become limited, causing new connections to be
                                                               delayed.
Network Utilization  Percentage  Critical: 90%/120 seconds     Measures the traffic (in and out) on the
                                 Warning: 60%/120 seconds      interface to determine if it is approaching
                                                               the maximum allowable bandwidth.
License Utilization  Percentage  Critical: 100%/0              For licenses that have user limits, monitors
                                 Warning: 90%/0                the number of users.
License Expiration   Days        Critical: 0 days/0            Warns of impending license expiration. For
                                 Warning: 30 days/0            license expiration metrics, intervals are
                                                               ignored. See "Monitoring Licensing Utilization
                                                               and Expiration" on page 25 for more
                                                               information.



Monitoring Licensing Utilization and Expiration 

You can monitor the following licenses for utilization and/or expiration. 

Utilization/Expiration:

□ AOL Instant Messaging (aol-im)

□ MSN Instant Messaging (msn-im)

□ Yahoo Instant Messaging (yahoo-im)

□ Windows Media Streaming (windows-media)

□ Real Media Streaming (real-media)

□ Quicktime Streaming (quicktime)

Expiration only:

□ SGOS (sgos)

Licenses not listed here are part of the SGOS base license.

□ SSL (ssl)

See "About License Expiration Metrics" on page 26 for information about licensing thresholds.

About Health Monitoring Thresholds 

For the purposes of notification, thresholds are defined by two variables, the threshold level 
and the threshold interval: 

□ The threshold level describes the state of the metric: OK, Warning, or Critical. 



Note: Sensors have different threshold levels than OK, Warning, and Critical. See 
"About Hardware/Environmental Metrics (Sensors)" on page 23 for more
information. 



□ The threshold interval specifies the period of time that the metric must stay in the 
level before an alert is triggered. 

For example, you might define the CPU utilization threshold levels as follows: 

□ Critical Level=95% 

□ Critical Threshold Interval=20 seconds 

□ Warning Level=85% 

□ Warning Threshold Interval=20 seconds 






A metric is not considered to have changed state unless it stays above a threshold level for 
the specified interval. Thus, the variables in the preceding example indicate that the 
metric is not considered Critical unless it stays at 95% or above for at least 20 seconds. If 
the CPU hovers between 95% and 100% for 20 seconds, a Critical alert is sent. 

Similarly, if the CPU stays between 85% and 94% for 20 seconds, a Warning alert is sent. 
Conversely, an alert notification is not sent if the CPU hovers in the Warning level for 18 
seconds and then drops to normal. 

An alert is triggered if a metric stays above any threshold for the specified interval. For 
example, if the CPU rises above the Warning level for 9 seconds, climbs into the Critical 
level for 18 seconds, and then falls below the Warning level, a Warning notification is sent 
because the metric stayed above the Warning threshold for 27 seconds. This concept is 
illustrated in the following figure. 



[Figure annotations: a Warning alert is sent after 20 seconds above the Warning threshold; the Threshold Interval is set at 20 seconds.]

Figure 2-2. Relationship between the threshold level and threshold interval

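The interaction between threshold level and threshold interval can be checked by replaying per-second readings through a small evaluator. This Python sketch is an added example, not Blue Coat code; it uses the 85%/95% levels and 20-second intervals from the example above, and it assumes one reading per second and an immediate return to OK when the value drops below the Warning level, which the text does not specify.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Threshold:
    level: float   # value at or above which the metric is inside this level
    interval: int  # seconds the metric must stay there before the state changes


# Values from the CPU utilization example in the text.
WARNING = Threshold(level=85, interval=20)
CRITICAL = Threshold(level=95, interval=20)


def expand(segments):
    """Build a per-second series from (value, seconds) pairs (constructed input)."""
    samples = []
    for value, seconds in segments:
        samples.extend([value] * seconds)
    return samples


def state_changes(samples, warning=WARNING, critical=CRITICAL):
    """Return [(second, new_state), ...] for a series of per-second readings.

    Time spent in the Critical level also counts as time above the Warning
    level, which is why the 9 s + 18 s case below produces a Warning.
    """
    state = "OK"
    warn_run = crit_run = 0  # consecutive seconds at or above each level
    changes = []
    for second, value in enumerate(samples, start=1):
        warn_run = warn_run + 1 if value >= warning.level else 0
        crit_run = crit_run + 1 if value >= critical.level else 0
        # An interval of 0 (as used for license metrics) means "immediately".
        if crit_run >= max(critical.interval, 1):
            new_state = "Critical"
        elif warn_run >= max(warning.interval, 1):
            new_state = "Warning"
        else:
            new_state = "OK"  # assumption: recovery is not delayed by an interval
        if new_state != state:
            changes.append((second, new_state))
            state = new_state
    return changes


def alerts(samples, warning=WARNING, critical=CRITICAL):
    """Only the Warning and Critical transitions, that is, the notifications."""
    return [c for c in state_changes(samples, warning, critical) if c[1] != "OK"]


# The three situations described in the text, as constructed series.
CLIMB_THEN_FALL = expand([(50, 5), (90, 9), (97, 18), (50, 5)])  # 27 s above Warning
SHORT_WARNING = expand([(50, 5), (90, 18), (50, 5)])             # only 18 s in Warning
SUSTAINED_CRITICAL = expand([(50, 5), (97, 20), (50, 1)])        # 20 s in Critical

if __name__ == "__main__":
    for name, series in [("climb then fall", CLIMB_THEN_FALL),
                         ("short warning", SHORT_WARNING),
                         ("sustained critical", SUSTAINED_CRITICAL)]:
        print(name, alerts(series))
```
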
About License Expiration Metrics 

The threshold values for license expiration metrics are set in days until expiration. In this 
context, a "critical" threshold indicates that license expiration is imminent. This is the only 
metric in which the Critical threshold value should be smaller than the Warning threshold 
value. For example, if you set the Warning threshold to 45, an alert is sent when there are 
45 days remaining in the license period. The Critical threshold would be less than 45 days, 
for example 5 days. 

For the license expiration metrics, the threshold interval is irrelevant and is set by default 
to 0. You should set the Warning Threshold to a value that will give you ample time to 
renew your license. By default, all license expiration metrics have a Warning Threshold of 
30 days. By default, the Critical Threshold is configured to 0, which means that a trap is 
immediately sent upon license expiration. 

Note: The license expiration OK state can have three possible threshold values: 

• Not installed: state ok, threshold value -1 

• Installed Permanently: state ok, threshold value 0 

• N days remaining to expire: state ok, threshold value N 



About Health Monitoring Notification 

By default, the Director polls the SG appliances to determine their current state. If the state 
has changed, Director updates the device status. Other types of notification are also 
available. Any or all of the following types of notification can be set: 

□ SNMP trap: Sends an SNMP trap to all configured management stations. 

□ E-mail: Sends e-mail to all persons listed in the Event log properties. 

□ Log: Inserts an entry into the Event log. See "Setting Up Event Logging and 
Notification" on page 14 for more information. 

Changing Threshold and Notification Properties 

The health monitoring threshold and notification properties are set by default. Use the 
following procedure to modify the current settings. 

To change the threshold and notification properties: 

1. Select Maintenance > Health Monitoring. 

2. Do one of the following: 

• To change the system resource metrics, select General. 

• To change the hardware/environmental metrics, select Sensors. 

Note: You cannot change the threshold values for metrics in the Sensors tab. 

• To change the licensing metrics, select Licensing. 

3. Select the metric you want to modify. 

4. Click Edit to modify the threshold and notification settings. The Edit Metric dialog 
displays. (Sensor thresholds cannot be modified.) 

5. Modify the threshold values: 

a. To change the critical threshold, enter a new value in the Critical Threshold 
field. 

b. To change the critical interval, enter a new value in the Critical Interval field. 

c. To change the warning threshold, enter a new value in the Warning Threshold 
field. 

d. To change the warning interval, enter a new value in the Warning Interval 
field. 

6. Modify the notification settings. 

• Log adds an entry to the Event log. 

• Trap sends an SNMP trap to all configured management stations. 

• Email sends an e-mail to the addresses listed in the Event log properties. See 
"Setting Up Event Logging and Notification" on page 14 for more information. 

7. Click OK to close the Edit Metric dialog. 

8. Click Apply. 

Related CLI Syntax to Modify Threshold and Notification Properties 

#(config) alert threshold metric_name warning_threshold 
warning_interval critical_threshold critical_interval 
#(config) alert notification metric_name notification_method 

Getting A Quick View of the SG Appliance Health 

The Management Console uses the health monitoring metrics to display a visual 
representation of the overall health state of the SG appliance. The health icon is located in 
the upper right corner of the Management Console and is always visible. 

System health is determined by calculating the "aggregate" health status of the following 
metrics: 

□ CPU Utilization 

□ Memory Pressure 

□ Network interface utilization 

□ Disk status (for all disks) 

□ License expiration 

□ License "user count" utilization (when applicable) 

□ Sensor values (for all sensors) 

The possible health states are OK, Warning, or Critical. 

Clicking the health icon displays the Statistics > Health page, which lists the current 
condition of the system's health monitoring metrics, as described in the next section. 

Viewing Health Monitoring Statistics 

While the health icon presents a quick view of the appliance health, the Statistics > Health 
page enables you to get more details about the current state of the health monitoring 
metrics. 

To review the health monitoring statistics: 

1. From the Management Console, select Statistics > Health. 

[Screenshot: Statistics > Health page, General tab, listing each metric (CPU utilization, Memory pressure, Disk 1 status, Interface 0:0 utilization, Interface 0:1 utilization) with its Value and State, plus the Set thresholds and View buttons.] 




2. Select a health monitoring statistics tab: 



• General: Lists the current state of CPU utilization, interface utilization, memory 
pressure, and disk status metrics. 

• Licensing: Lists the current state of license utilization and expiration metrics. 

• Sensors: Lists the current state of all sensor metrics. 

3. To get more details about a metric, highlight the metric and click View. The View 
Metrics Detail dialog displays. 



[Screenshot: View Metrics Detail dialog. Metric: Memory pressure; Health State: OK; Value: 81; Critical Threshold: 95; Critical Interval: 120; Warning Threshold: 90; Warning Interval: 120.] 



4. Click Close to close the View Metrics Detail dialog. 

5. (Optional) If you want to modify a metric, highlight the metric and click Set 
Thresholds. The Maintenance > Health Monitoring page displays. To modify the metric, 
follow the procedure described in "Changing Threshold and Notification Properties" 
on page 27. 

Related CLI Syntax to View Health Monitoring Statistics 

SGOS# (config) show system-resource-metrics 

The show system-resource-metrics command lists the state of the current system resource 
metrics. 

Sensor notification varies by platform. If you try to set notification for a sensor that does 
not support notification, you will see the following error message: 

Sensor not supported on this platform 

Depending on the platform, the sensor metrics displayed by the show system-resource-metrics 
command might differ from the sensor names listed in the alert command 
output. For example, the bus-temperature sensor can be shown as motherboard 
temperature in the show system-resource-metrics output. If you are setting 
notification from the Management Console, you can verify the sensor category by clicking 
the Preview button to view the CLI output. 

Troubleshooting 

If you continue to receive alerts, contact Blue Coat Technical Support. For licensing 
questions, contact Blue Coat Support Services. It is helpful to obtain a packet capture for 
CPU, memory pressure, and network interface issues, before calling Technical Support. 

Table 2-4. Technical Support and Support Services Contact Information 

Blue Coat Technical Support    http://www.bluecoat.com/support/contact.html 
Blue Coat Support Services     http://www.bluecoat.com/support/services/index.html 

This chapter describes how to maintain the SG appliance; for example, restarting the 
appliance, restoring system defaults, upgrading the appliance, and reinitializing disks. 

This chapter contains the following sections: 

□ "Restarting the SG Appliance" 

□ "Restoring System Defaults" 

□ "Clearing the DNS Cache" 

□ "Clearing the Object Cache" 

□ "Clearing the Byte Cache" 

□ "Clearing Trend Statistics" 

□ "Upgrading the SG Appliance" 

□ "Managing SG Appliance Systems" 

□ "Disk Reinitialization" 

□ "Deleting Objects from the SG Appliance" 

Restarting the SG Appliance 

The restart options control the restart attributes of the SG appliance if a restart is 
required because of a system fault. 



Important: The default settings of the Restart option suit most systems. Changing 
them without assistance from Blue Coat Systems Technical Support is not 
recommended. 



Hardware and Software Restart Options 

The Restart settings determine if the SG appliance does a faster software-only restart, or 
a more comprehensive hardware and software restart. The latter can take several 
minutes longer, depending upon the amount of memory and number of disk drives in 
the appliance. 

The default setting of Software only suits most situations. Restarting both the hardware 
and software is recommended in situations where a hardware fault is suspected. 

For information about the Core Image settings, see "Core Image Restart Options" on 
page 57. 



Note: If you change restart option settings and you want them to apply to the next SG 
appliance restart, click Apply. 



To restart the SG appliance: 

1. Select Maintenance > System and disks > Tasks. 

2. In the Restart field, select either Software only or Hardware and software. 

3. If you select the Hardware and software option, select a system from the System to run 
drop-down list. 

The default system is pre-selected. 

4. Click Apply. 

5. Click Restart now. 

6. Click OK to confirm and restart the SG appliance. 

Related CLI Syntax to Configure the Hardware/Software Restart Settings 

SGOS# (config) restart mode {hardware | software} 

SGOS# restart abrupt 
SGOS# restart regular 
SGOS# restart upgrade 

Restoring System Defaults 

SGOS allows you to restore some or all of the system defaults. Use these commands with 
caution. The restore-defaults command deletes most, but not all, system defaults: 

□ The restore-defaults command with the factory-defaults option reinitializes 
the SG appliance to the original settings it had when it was shipped from the factory. 

□ The restore-defaults command with the keep-console option allows you to 
restore default settings without losing all IP addresses on the system. 

Restore-Defaults 

Settings that are deleted when you use the restore-defaults command include: 

□ All IP addresses (these must be restored before you can access the Management 
Console again). 

□ DNS server addresses (these must be restored through the CLI before you can access 
the Management Console again). 

□ Installable lists. 

□ All customized configurations. 

□ Third-party vendor licenses, such as SmartFilter or Websense. If you use the 
restore-defaults command after you have installed licenses, and the serial number 
of your system is configurable (older boxes only), the licenses fail to install and the 
SG appliance returns to the trial period (if any time is left). To correct the problem, 
you must configure your serial number and install your license-key again. 

□ Blue Coat trusted certificates. 

□ Original SSH (v1 and v2) host keys (new host keys are regenerated). 

You can use the force option to restore defaults without confirmation. 

Factory-Defaults 

All system settings are deleted when you use the restore-defaults command with the 
factory-defaults option. 

The only settings that are kept when you use the restore-defaults command with the 
factory-defaults option are: 

□ Trial period information. 

□ The last five installed appliance systems, from which you can pick one for rebooting. 

The Setup Console password is also deleted if you use restore-defaults factory- 
defaults. For information on the Setup Console password, refer to Volume 5: Securing the 
Blue Coat SG Appliance. 

You can use the force option to restore defaults without confirmation. 

Keep-Console 

Settings that are retained when you use the restore-defaults command with the keep- 
console option include: 

□ IP interface settings, including VLAN configuration. 

□ Default gateway and static routing configuration. 

□ Virtual IP address configuration. 

□ TCP round trip time settings. 

□ Bridging settings. 

□ Failover group settings. 

Using the keep-console option retains the settings for all consoles (Telnet, SSH, HTTP, 
and HTTPS), whether they are enabled, disabled, or deleted. Administrative access 
settings retained using the restore-defaults command with the keep-console option 
include: 

□ Console username and password. 

□ Front panel pin number. 

□ Console enable password. 

□ SSH (v1 and v2) host keys. 

□ Keyrings used by secure console services. 

□ RIP configurations. 

You can also use the force option to restore defaults without confirmation. 

To restore system defaults: 



Note: The keep-console and factory-defaults options are not available through 
the Management Console. 



1. Select Maintenance > System and disks > Tasks. 



[Screenshot: Maintenance > System and disks > Tasks tab, showing the Restart options (Software only, Hardware and software, System to run, Restart now) and the Tasks field (Restore the configuration to defaults, Clear the DNS cache, Clear the object cache).] 



2. From the Tasks field, click Restore the configuration to defaults. If you restore the 
configuration from the Management Console, most settings are lost because you 
cannot use the keep-console option. 

The Restore Configuration dialog appears. 

3. Click OK. 

Related CLI Syntax to Restore System Defaults 

SGOS# restore-defaults [keep-console] 

SGOS# restore-defaults [keep-console] force 
SGOS# restore-defaults factory-defaults 

Clearing the DNS Cache 

You can clear the DNS cache at any time. You might need to do so if you have experienced 
a problem with your DNS server or if you have changed your DNS configuration. 

To clear the DNS cache: 

1. Select Maintenance > System and disks > Tasks. 

2. In the Tasks field, click Clear next to "the DNS cache." 

3. Click OK to confirm in the Clear system DNS cache dialog that appears. 

Related CLI Syntax to Clear the DNS Cache 

SGOS# clear-cache dns-cache 

Clearing the Object Cache 

You can clear the object cache at any time. 

When you clear the cache, all objects in the cache are set to expired. The objects are not 
immediately removed from memory or disk, but any object that is subsequently 
requested is retrieved from the source before it is served. 

To clear the object cache: 

1. Select Maintenance > System and disks > Tasks. 

2. In the Tasks field, click Clear next to "the object cache." 

3. Click OK to confirm in the Clear cache dialog that appears. 

Related CLI Syntax to Clear the Object Cache 

SGOS# clear-cache object-cache 

Clearing the Byte Cache 

You can clear the byte cache at any time. You might want to do this for testing purposes. 

To clear the byte cache: 

1. Select Maintenance > System and disks > Tasks. 

2. In the Tasks field, click Clear next to "the byte cache." 

3. Click OK to confirm in the Clear Byte Cache dialog that appears. 

Related CLI Syntax to Clear the Byte Cache 

SGOS# clear-cache byte-cache 

Troubleshooting Tip 

Occasionally, the Management Console might behave incorrectly because of browser 
caching, particularly if the browser was used to run different versions of the Management 
Console. This problem might be resolved by clearing the browser cache. 

Clearing Trend Statistics 

You can clear all persistent trend statistics at any time. 

To clear all persistent statistics: 

1. Select Maintenance > System and disks > Tasks. 

2. In the Tasks field, click Clear next to "the trend statistics." 

3. Click OK to confirm in the Clear Trend Statistics dialog that appears. 

Related CLI Syntax to Clear Trend Statistics 

SGOS# clear-statistics persistent 

Upgrading the SG Appliance 

When an upgrade to the SGOS software becomes available, you can download it through 
the Internet and install it. You can also download it to your PC and install it from there. 



Important: Enable the auto-detect encoding feature on your browser so that it uses the 
encoding specified in the console URLs. The browser does not use the auto-detect 
encoding feature by default. If auto-detect encoding is not enabled, the browser ignores 
the charset header and uses the native OS language encoding for its display. 






The SG Appliance 5.x Version Upgrade 

The appliance must be running version SGOS 4.2.1.6 or later in order to upgrade to SGOS 
5.x. You cannot directly upgrade from any previous version. 



Note: At least one other system must be unlocked to do the upgrade. If all systems are 
locked, or all systems except the running system are locked, the Download button in the 
Management Console is disabled. Similarly, the load upgrade command in the CLI 
generates an error. 



To upgrade the SG appliance: 



1. Select Maintenance > Upgrade > Upgrade. 



2. Click Show me to connect to the Blue Coat download page, follow the instructions, 
and note the URL of the SGOS upgrade for your system model. Then enter the URL in 
the Download new system software from this URL field and click Download. 

[Screenshot: Upgrade tab, showing the Download new system software from this URL field with its Download button, the Replace drop-down list (oldest unlocked system), and the Show me, Upload, and Restart buttons.] 

-or- 

(Only if you previously downloaded a system image to your PC) Click Upload and 
Browse to the file location, then click Install. The upload might take several minutes. 

[Screenshot: Upload and Install File dialog, with the File to upload field and the Browse, Install, and Close buttons. The dialog notes that the upload can take some time, that the browser may be unresponsive during the upload, and that the results are displayed in a new page once the installation is completed.] 



3. (Optional) Select the system to replace in the Replace drop-down list. If you uploaded 
an image from your PC, refresh the Systems pane to see the new system image. 



4. Click Restart. 



The Restart system dialog displays. 




5. Click OK to reboot the SG appliance to the default system. 



Related CLI Syntax to Upgrade the SGOS Software 

SGOS# (config) upgrade-path url 

where url is the location of the SGOS upgrade image. 

SGOS# (config) exit 

SGOS# load upgrade [ignore-warnings] 

where ignore-warnings allows you to force an upgrade even if you receive 
policy deprecation warnings. Using the load upgrade ignore-warnings 
command to force an upgrade while the system emits deprecation warnings 
results in a policy load failure; all traffic is allowed or denied according to default 
policy. 

SGOS# restart upgrade 

Troubleshooting Tip 

If the SG appliance does not come up after rebooting and the serial port is connected to a 
terminal server (terminal concentrator), try the following: 

□ Have an active session open on the terminal server, noting any traffic (characters) 
being output. 

□ Unplug the terminal server from the appliance in case it is causing a problem (such as 
bad cabling). 

Managing SG Appliance Systems 

The SG appliance Systems tab displays the five available systems. Empty systems are 
indicated by the word Empty. 

The system currently running is highlighted in blue and cannot be replaced or deleted. 
From this screen, you can: 

□ Select the SGOS system version to boot. 

□ Lock one or more of the available SGOS system versions. 

□ Select the SGOS system version to be replaced. 

□ Delete one or more of the available SGOS system versions (CLI only). 

□ View details of the available SGOS system versions. 

To view SGOS system replacement options: 

Select Maintenance > Upgrade > Systems. 




To view details for an SGOS system version: 

1. Select Maintenance > Upgrade > Systems. 

2. Click Details next to the system for which you want to view detailed information; click 
OK when you are finished. 

To view details for an SGOS system version: 

At the command prompt: 

SGOS> show installed-systems 

Example Session 

SGOS> show installed-systems 
ProxySG Appliance Systems 
1. Version: SGOS 4.2.1.1, Release ID: 25460 
   Thursday April 6 2006 08:49:55 UTC, Lock Status: Locked 
   Boot Status: Last boot succeeded, Last Successful Boot: Thursday 
   April 6 2006 17:33:19 UTC 
2. Version: SGOS 4.2.1.1, Release ID: 25552 Debug 
   Friday April 14 2006 08:56:55 UTC, Lock Status: Unlocked 
   Boot Status: Last boot succeeded, Last Successful Boot: Friday April 
   14 2006 16:57:18 UTC 
3. Version: N/A, Release ID: N/A ( EMPTY ) 
   No Timestamp, Lock Status: Unlocked 
   Boot Status: Unknown, Last Successful Boot: Unknown 
4. Version: N/A, Release ID: N/A ( EMPTY ) 
   No Timestamp, Lock Status: Unlocked 
   Boot Status: Unknown, Last Successful Boot: Unknown 
5. Version: N/A, Release ID: N/A ( EMPTY ) 
   No Timestamp, Lock Status: Unlocked 
   Boot Status: Unknown, Last Successful Boot: Unknown 
Default system to run on next hardware restart: 2 
Default replacement being used, (oldest unlocked system) 
Current running system: 2 

When a new system is loaded, only the system number that was replaced 
is changed. The ordering of the rest of the systems remains unchanged. 

Setting the Default Boot System 

This setting allows you to select the system to be booted on the next hardware restart. If a 
system starts successfully, it is set as the default boot system. If a system fails to boot, the 
next most recent system that booted successfully becomes the default boot system. 

To set the SG appliance to run on the next hardware restart: 

1. Select Maintenance > Upgrade > Systems. 

2. Select the preferred System version in the Default column. 

3. Click Apply. 

Note: An empty system cannot be specified as default, and only one system can be 
specified as the default system. 



Related CLI Syntax to Set the Default Boot System 

SGOS# (config) installed-systems 

SGOS# (config installed-systems) default system_number 

Locking and Unlocking SG Appliance Systems 

Any system can be locked, except a system that has been selected for replacement. If all 
systems, or all systems except the current system, are locked, the SG appliance cannot 
load a new system. 

If a system is locked, it cannot be replaced or deleted. 

To lock a system: 

1. Select Maintenance > Upgrade > Systems. 

2. Select the system(s) to lock in the Lock column. 

3. Click Apply. 

To unlock a system: 

1. Select Maintenance > Upgrade > Systems. 

2. Deselect the system(s) to unlock in the Lock column. 

3. Click Apply. 


Related CLI Syntax for Locking A System 

SGOS# (config) installed-systems 

SGOS# (config installed-systems) lock system_number 

To unlock: 

SGOS# (config) installed-systems 

SGOS# (config installed-systems) no lock system_number 

Replacing an SG Appliance System 

You can specify the system to be replaced when a new system is downloaded. If no system 
is specified, the oldest unlocked system is replaced by default. You cannot specify a locked 
system for replacement. 

To specify the system to replace: 

1. Select Maintenance > Upgrade > Systems. 

2. Select the system to replace in the Replace column. 

3. Click Apply. 

Related CLI Syntax to Specify the System to Replace 

SGOS# (config) installed-systems 

SGOS# (config installed-systems) replace system_number 

Deleting an SG Appliance System 

You can delete any of the system versions except the current running system. A locked 
system must be unlocked before it can be deleted. If the system you want to delete is the 
default boot system, you need to select a new default boot system before the system can 
be deleted. 

You cannot delete a system version through the Management Console; you must use the 
CLI. 

To delete a system: 

At the (config) command prompt: 

SGOS# (config) installed-systems 

SGOS# (config installed-systems) delete system_number 
where system_number is the system you want to delete. 
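
The locking, replacement, and deletion rules above can be checked against show installed-systems output before an upgrade. The following Python example is added here and is not Blue Coat code: it parses the example session from this page (the output format on other SGOS versions is an assumption), its function names are hypothetical, and treating EMPTY slots as replaceable but not deletable is also an assumption.

```python
import re

# Output of "show installed-systems", copied from the example session on this page.
SESSION = """\
ProxySG Appliance Systems
1. Version: SGOS 4.2.1.1, Release ID: 25460
   Thursday April 6 2006 08:49:55 UTC, Lock Status: Locked
   Boot Status: Last boot succeeded, Last Successful Boot: Thursday April 6 2006 17:33:19 UTC
2. Version: SGOS 4.2.1.1, Release ID: 25552 Debug
   Friday April 14 2006 08:56:55 UTC, Lock Status: Unlocked
   Boot Status: Last boot succeeded, Last Successful Boot: Friday April 14 2006 16:57:18 UTC
3. Version: N/A, Release ID: N/A ( EMPTY )
   No Timestamp, Lock Status: Unlocked
   Boot Status: Unknown, Last Successful Boot: Unknown
4. Version: N/A, Release ID: N/A ( EMPTY )
   No Timestamp, Lock Status: Unlocked
   Boot Status: Unknown, Last Successful Boot: Unknown
5. Version: N/A, Release ID: N/A ( EMPTY )
   No Timestamp, Lock Status: Unlocked
   Boot Status: Unknown, Last Successful Boot: Unknown
Default system to run on next hardware restart: 2
Default replacement being used, (oldest unlocked system)
Current running system: 2
"""

HEADER = re.compile(r"^\s*(\d+)\.\s+Version:\s*(.+?),\s*Release ID:\s*(.+?)\s*$")
LOCK = re.compile(r"Lock Status:\s*(Locked|Unlocked)")
DEFAULT = re.compile(r"Default system to run on next hardware restart\s*:\s*(\d+)")
RUNNING = re.compile(r"Current running system:\s*(\d+)")


def parse_installed_systems(text):
    """Parse the listing into {'systems': {n: {...}}, 'default': n, 'running': n}."""
    systems, default, running, current = {}, None, None, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = int(m.group(1))
            systems[current] = {
                "version": m.group(2),
                "release": m.group(3),
                "empty": "EMPTY" in m.group(3),
                "locked": None,          # filled in from the next line
            }
            continue
        m = LOCK.search(line)
        if m and current is not None:
            systems[current]["locked"] = m.group(1) == "Locked"
            continue
        m = DEFAULT.search(line)
        if m:
            default = int(m.group(1))
            continue
        m = RUNNING.search(line)
        if m:
            running = int(m.group(1))
    return {"systems": systems, "default": default, "running": running}


def replaceable(info):
    """Slots a download may overwrite: unlocked and not the running system."""
    return [n for n, s in sorted(info["systems"].items())
            if s["locked"] is False and n != info["running"]]


def can_load_new_system(info):
    """False when all systems, or all except the running one, are locked."""
    return bool(replaceable(info))


def deletable(info):
    """Installed systems that are unlocked, not running, and not the default boot system."""
    return [n for n in replaceable(info)
            if n != info["default"] and not info["systems"][n]["empty"]]


if __name__ == "__main__":
    info = parse_installed_systems(SESSION)
    print("running:", info["running"], "default:", info["default"])
    print("replaceable slots:", replaceable(info))
    print("upgrade can load a new system:", can_load_new_system(info))
    print("deletable systems:", deletable(info))
```
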



Disk Reinitialization 

You can reinitialize disks on a multi-disk SG appliance. You cannot reinitialize the disk on 
a single-disk SG appliance. If you suspect a disk fault in a single-disk system, contact Blue 
Coat Technical Support for assistance. 



Note: If a disk containing an unmirrored event or access log is reinitialized, the logs are 
lost. Similarly, if two disks containing mirrored copies of the logs are reinitialized, both 
copies of the logs are lost. 



Multi-Disk SG Appliances 

On a multi-disk SG appliance, the master disk is the leftmost valid disk. Valid means that 
the disk is online, has been properly initialized, and is not marked as invalid or unusable. 

If the current master disk is taken offline, reinitialized, or declared invalid or unusable, the 
leftmost valid disk that has not been reinitialized since restart becomes the master disk. 
Thus, as disks are reinitialized in sequence, a point is reached where no disk can be chosen 
as the master. At this point, the current master disk is the last disk. If this disk is taken 
offline, reinitialized, or declared invalid or unusable, the SG appliance is restarted. 

On a multi-disk SG appliance, a disk is reinitialized by setting it to empty and copying 
pre-boot programs, boot programs, starter programs, and system images from the 
master disk to the reinitialized disk. 

Reinitialization is done online without rebooting the system. (For more information, refer 
to the #disk command in the Volume 12: Blue Coat SG Appliance Command Line Reference.) 
SGOS operations, in turn, are not affected, although during the time the disk is being 
reinitialized, that disk is not available for caching. Only the master disk reinitialization 
restarts the SG appliance. 

Only persistent objects are copied to a newly-reinitialized disk. This is usually not a 
problem because most of these objects are replicated or mirrored. If the reinitialized disk 
contained one copy of these objects (which is lost), another disk contains another copy. 

You cannot reinitialize all of the SG appliance disks over a very short period of time. 
Attempting to reinitialize the last disk in a system before critical components can be 
replicated to other disks in the system causes a warning message to appear. 

Immediately after reinitialization is complete, the SG appliance automatically starts using 
the reinitialized disk for caching. 

Single-Disk SG Appliance 

The disk on a single-disk SG appliance cannot be reinitialized by the customer. If you 
suspect a disk fault in a single-disk SG appliance, contact Blue Coat Technical Support for 
assistance. 

Deleting Objects from the SG Appliance 

The ability to delete either individual or multiple objects from the SG appliance makes it 
easy to delete stale or unused data and make the best use of the storage in your system. 



Note: The maximum number of objects that can be stored in an SG appliance is affected 
by a number of factors, including the SGOS version it is running and the hardware 
platform series. 



This feature is not available in the Management Console. Use the CLI instead. 

To delete a single object from the SG appliance: 

At the (config) prompt, enter the following command: 

SGOS# (config) content delete url url 

To delete multiple objects from the SG appliance: 

At the (config) prompt, enter the following command: 

SGOS# (config) content delete regex regex 

Blue Coat Systems has a number of resources to provide diagnostic information: 

□ Heartbeats: Enabled by default. Heartbeats (statistics) are a diagnostic tool used by 
Blue Coat, allowing them to proactively monitor the health of appliances. 

□ Core images: Created when there is an unexpected system restart. This stores the 
system state at the time of the restart, enhancing the ability for Blue Coat to 
determine the root cause of the restart. 

□ SysInfo (System Information): SysInfo provides a snapshot of statistics and events 
on the SG appliance. 

□ PCAP: An onboard packet capture utility that captures packets of Ethernet frames 
going in or out of an SG appliance. 

□ Policy trace: A policy trace can provide debugging information on policy 
transactions. This is helpful, even when policy is not the issue. For information on 
using policy tracing, refer to Volume 11: Blue Coat SG Appliance Content Policy 
Language Guide. 

□ Event Logging: The event log files contain messages generated by software or 
hardware events encountered by the appliance. For information on configuring 
event logging, see "Setting Up Event Logging and Notification" on page 14. 

□ Access Logging: Access logs allow for analysis of Quality of Service, content 
retrieved, and other troubleshooting. For information on Access Logging, refer to 
Volume 9: Access Logging. 

□ CPU Monitoring: With CPU monitoring enabled, you can determine what types of 
functions are taking up the majority of the CPU. 

To test connectivity, use the following commands from the enable prompt: 

□ ping: Verifies that a particular IP address exists and is responding to requests. 

□ traceroute: Traces the route from the current host to the specified destination 
host. 

□ test http get path_to_URL: Makes a request through the same code paths as a 
proxied client. 

□ display path_to_URL: Makes a direct request (bypassing the cache). 

□ show services: Verifies the port of the Management Console configuration. 

□ show policy: Verifies if policy is controlling the Management Console. 

For information on using these commands, refer to Chapter 2: "Standard and 
Privileged Mode Commands" in the Blue Coat ProxySG Command Line Reference. 



Note: If you cannot access the Management Console at all, be sure that you are using 
HTTPS (https://ProxySG_IP_address:8082). If you want to use HTTP, you must 
explicitly enable it before you can access the Management Console. 

This chapter discusses the following topics: 

□ "Diagnostic Reporting (Service Information)" (This includes taking 
snapshots of the system.) 

□ "Packet Capturing (the Job Utility)" 

□ "Core Image Restart Options" 

□ "Diagnostic Reporting (Heartbeats)" 

□ "Diagnostic Reporting (CPU Monitoring)" 

If the SG appliance does not appear to work correctly and you are unable to diagnose the 
problem, contact Blue Coat Technical Support. 

Diagnostic Reporting (Service Information) 

The service information options allow you to send service information to Blue Coat using 
either the Management Console or the CLI. You can select the information to send, send 
the information, view the status of current transactions, and cancel current transactions. 
You can also send service information automatically in case of a crash. 

Sending Service Information Automatically 

Enabling automatic service information allows you to enable the transfer of relevant 
service information automatically whenever a crash occurs. This saves you from initiating 
the transfer, and increases the amount of service information that Blue Coat can use to 
solve the problem. The core image, system configuration, and event log are system-use 
statistics that are sent for analysis. If a packet capture exists, it is also sent. 

The auto-send feature requires that a valid Service Request is entered. If you do not have a 
Service Request open you must first contact Blue Coat Technical Support. 



Important: A core image and packet capture can contain sensitive information — for 
example, parts of an HTTP request or response. The transfer to Blue Coat is encrypted, 
and therefore secure; however, if you do not want potentially sensitive information to 
be sent to Blue Coat automatically, do not enable the automatic service information 
feature. 



To send service information automatically: 

1. Select Maintenance > Service Information > Send Information > General. 



2. To send core image service information to Blue Coat automatically, select Enable 
auto-send. 

3. Enter the service-request number that you received from a Technical Support 
representative into the Auto Send Service Request Number field (the service-request 
number is in the form xx-xxxxxxx or x-xxxxxxx). 

4. Select Apply to commit the changes to the SG appliance. 

5. (Optional) To clear the service-request number, clear the Auto Send Service Request 
Number field and click Apply. 

Related CLI Syntax to Send Service Information 

To send service information automatically: 

1. To enable (or disable) the automatic service information feature, enter the following 
commands at the (config) command prompt: 

SGOS# (config) diagnostics 
SGOS# (config diagnostics) service-info 
SGOS# (diagnostics service-info) auto {enable | disable} 
SGOS# (diagnostics service-info) auto sr-number sr_number 

2. (Optional) To clear the service-request number, enter the following command: 

SGOS# (diagnostics service-info) auto no sr-number 

Managing the Bandwidth for Service Information 

You can control the allocation of available bandwidth for sending service information. 
Some service information items are large, and you might want to limit the bandwidth 
used by the transfer. Changing to a new bandwidth management class does not affect 
service information transfers already in progress. However, changing the details of the 
bandwidth management class used for service information, such as changing the 
minimum or maximum bandwidth settings, affects transfers already in progress if that 
class was selected prior to initiating the transfer. 



Note: Before you can manage the bandwidth for the automatic service information 
feature, you must first create an appropriate bandwidth-management class. Refer to 
Volume 6: Advanced Networking for information about creating and configuring bandwidth 
classes. 



To manage bandwidth for service information: 

1. Select Maintenance > Service Information > Send Information > General. 

2. To manage the bandwidth of automatic service information, select a bandwidth class 
from the Service Information Bandwidth Class drop-down menu. 

3. Select Apply to commit the changes to the SG appliance. 

4. (Optional) To disable the bandwidth-management of service information, select none 
from the Service Information Bandwidth Class drop-down menu; click Apply. 

Related CLI Syntax to Manage Bandwidth for Service Information 

SGOS# (diagnostics service-info) bandwidth-class bw_class_name 

Configure Service Information Settings 

The service information options allow you to send service information to Blue Coat using 
either the Management Console or the CLI. You can select the information to send, send 
the information, view the status of current transactions, and cancel current transactions 
using either the Management Console or the CLI. For information about sending service 
information automatically, see "Sending Service Information Automatically" on page 46. 



Important: You must specify a service-request number before you can send service 
information. See Blue Coat Technical Support at: 
http://www.bluecoat.com/support/index.html for details on opening a service request ticket. 



The following list details information that you can send: 

□ Packet Capture 

□ Event Log 

□ Memory Core 

□ SYSInfo 

□ Access Logs (can specify multiple) 

□ Snapshots (can specify multiple) 

□ Contexts (can specify multiple) 

To send service information: 

1. Select Maintenance > Service Information > Send Information > Send Service 
Information. 


2. Enter the service-request number that you received from a Technical Support 
representative (the service-request number is in the form xx-xxxxxxx or x-xxxxxxx). 

3. Select the appropriate checkboxes (as indicated by a Technical Support representative) 
in the Information to send field. 

Note: Options for items that you do not have on your system are grayed out and 
cannot be selected. 

4. (Optional) If you select Access Logs, Snapshots, or Contexts, you must also click 
Select access logs to send, Select snapshots to send, or Select contexts to send and 
complete the following steps in the corresponding dialog that appears: 




a. To select information to send, highlight the appropriate selection in the 
Access Logs/Snapshots/Contexts Not Selected field and click Add to Selected. 

b. To remove information from the Access Logs/Snapshots/Contexts Selected 
field, highlight the appropriate selection and click Remove from Selected. 

c. Click Ok. 

5. Click Send. 

6. Click Ok in the Information upload started dialog that appears. 




7. Select Apply to commit the changes to the SG appliance. 

Related CLI Syntax to Send Service Information 

SGOS# (diagnostics service-info) [subcommands] 

Creating and Editing Snapshot Jobs 

The snapshot subsystem periodically pulls a specified console URL and stores it in a 
repository, offering valuable resources for Blue Coat customer support in diagnosing 
problems. 

By default, two snapshots are defined. The first takes a snapshot of the system 
information URL once every 24 hours. The second snapshot takes an hourly snapshot of 
the system information statistics. Both of these snapshot jobs keep the last 30 snapshots. 

Determining which console URL to poll, the time period between snapshots, and how 
many snapshots to keep are all configurable options for each snapshot job. 

To create a new snapshot job: 

1. Select Maintenance > Service Information > Snapshots. 




2. Click New. 

3. Enter a snapshot job into the Add list item dialog that displays; click Ok. 

4. Select Apply to commit the changes to the SG appliance. 

5. (Optional) To view snapshot job information, click View All Snapshots. Close the 
window that opens when you are finished viewing. 

Related CLI Syntax to Send Service Information 

SGOS# (config diagnostics) snapshot create snapshot_name 

To edit an existing snapshot job: 

1. Select Maintenance > Service Information > Snapshots. 

2. Select the snapshot job you want to edit (highlight it). 

3. Click Edit. 

The Edit Snapshot dialog displays. 

4. Enter the following information into the Edit Snapshot fields: 

a. Target: Enter the object to snapshot. 

b. Interval (minutes): Enter the interval between snapshot reports. 

c. Total Number To Take: Enter the total number of snapshots to take or select 
Infinite to take an infinite number of snapshots. 

d. Maximum Number To Store: Enter the maximum number of snapshots to store. 

e. Enabled: Select this to enable this snapshot job or deselect it to disable this 
snapshot job. 

5. (Optional) Click View URL List to open a window displaying a list of URLs; close the 
window when you are finished viewing. 

6. (Optional) Click View Snapshots to open a window displaying snapshot information; 
close the window when you are finished viewing. 

7. (Optional) Click Clear Snapshots to clear all stored snapshot reports. 



Related CLI Syntax to Edit an Existing Snapshot Job 

□ To enter configuration mode: 

SGOS# (config) diagnostics 

□ The following subcommands are available: 

SGOS# (config diagnostics) snapshot edit snapshot_name 
SGOS# (config snapshot snapshot_name) {disable | enable} 
SGOS# (config snapshot snapshot_name) interval minutes 
SGOS# (config snapshot snapshot_name) keep number_to_keep (from 1 - 100) 
SGOS# (config snapshot snapshot_name) take {infinite | number_to_take} 
SGOS# (config snapshot snapshot_name) target object_to_fetch 

Packet Capturing (the Job Utility) 

You can capture packets of Ethernet frames going into or leaving an SG appliance. Packet 
capturing allows filtering on various attributes of the frame to limit the amount of data 
collected. The maximum PCAP size allowed is 100MB. Any packet filters must be defined 
before a capture is initiated, and the current packet filter can only be modified if no 
capture is in progress. 

The pcap utility captures all received packets that are either directly addressed to the SG 
appliance through an interface's MAC address or through an interface's broadcast 
address. The utility also captures transmitted packets that are sent from the appliance. The 
collected data can then be transferred to the desktop or to Blue Coat for analysis. 



Note: Packet capturing increases the amount of processor usage performed in TCP/IP. 

To analyze captured packet data, you must have a tool that reads Packet Sniffer Pro 1.1 
files (for example, Ethereal or Packet Sniffer Pro 3.0). 



PCAP File Name Format 

The name of a downloaded packet capture file has the format: 
bluecoat_date_filter-expression.cap, revealing the date and time (UTC) of the packet capture and any filter 
expressions used. Because the filter expression can contain characters that are not 
supported by a file system, a translation can occur. The following characters are not 
translated: 

□ Alphanumeric characters (a-z, A-Z, 0-9) 

□ Periods (.) 

Characters that are translated are: 

□ Space (replaced by an underscore) 

□ All other characters (including the underscore and dash) are replaced by a dash 
followed by the ASCII equivalent; for example, a dash is translated to -2D and an 
ampersand (&) to -26. 
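
The translation rules above can be applied in both directions, which lets you recover the filter that produced a capture file from its name alone. The following is an added example, not Blue Coat code: the function names are hypothetical, it handles only the filter-expression part of the name (the date format is not specified here), and the two-digit upper-case hex form is an assumption taken from the -2D and -26 examples.

```python
import string

# Characters the manual lists as never translated: a-z, A-Z, 0-9 and the period.
SAFE = frozenset(string.ascii_letters + string.digits + ".")


def encode_filter(expr):
    """Return the file-name form of a PCAP filter expression."""
    out = []
    for ch in expr:
        if ch in SAFE:
            out.append(ch)
        elif ch == " ":
            out.append("_")
        elif ord(ch) < 0x80:
            # Everything else, including "_" and "-", becomes dash + ASCII code.
            # Assumption: two upper-case hex digits, as in -2D and -26.
            out.append("-%02X" % ord(ch))
        else:
            raise ValueError("no documented translation for %r" % ch)
    return "".join(out)


def decode_filter(name_part):
    """Recover the filter expression from its file-name form."""
    out = []
    i = 0
    while i < len(name_part):
        ch = name_part[i]
        if ch in SAFE:
            out.append(ch)
            i += 1
        elif ch == "_":
            out.append(" ")
            i += 1
        elif ch == "-":
            pair = name_part[i + 1:i + 3]
            if len(pair) != 2 or not all(c in string.hexdigits for c in pair):
                raise ValueError("truncated or non-hex escape at offset %d" % i)
            code = int(pair, 16)
            if code >= 0x80:
                raise ValueError("escape -%s is outside ASCII" % pair)
            out.append(chr(code))
            i += 3
        else:
            raise ValueError("character %r cannot appear in a translated name" % ch)
    return "".join(out)


def is_canonical(name_part):
    """True if the documented rules would produce exactly this string.

    A name that decodes but does not re-encode to itself (for example "-41",
    which spells a letter that is never escaped) was renamed or edited by hand.
    """
    try:
        return encode_filter(decode_filter(name_part)) == name_part
    except ValueError:
        return False


# Constructed samples: filters in the style of the manual's examples, plus one
# with a backslash-escaped keyword.
SAMPLES = [
    "ip host 10.25.36.47",
    "ether host 00:e0:81:01:f8:fc",
    "port 80 and not ip host 10.25.36.47",
    "ip proto \\tcp",
]

if __name__ == "__main__":
    for expr in SAMPLES:
        encoded = encode_filter(expr)
        print("%-40s -> %s" % (expr, encoded))
        assert decode_filter(encoded) == expr
```
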

Common PCAP Filter Expressions 

Packet capturing allows filtering on various attributes of the frame to limit the amount of 
data collected. PCAP filter expressions can be defined in the Management Console or the 
CLI. Below are examples of filter expressions; for PCAP configuration instructions, see 
"Configuring Packet Capturing" on page 53. 

Some common filter expressions for the Management Console and CLI are listed below. 
The filter uses the Berkeley Packet Filter format (BPF), which is also used by the tcpdump 
program. A few simple examples are provided below. If filters with greater complexity are 
required, you can find many resources on the Internet and in books that describe the BPF 
filter syntax. 

Note: Some qualifiers must be escaped with a backslash because their identifiers are also 
keywords within the filter expression parser. 

□ ip proto protocol 

where protocol is a number or name (icmp, udp, tcp). 

□ ether proto protocol 

where protocol can be a number or name (ip, arp, rarp). 



Table 4-1. PCAP Filter Expressions 

| Filter Expression | Packets Captured |
|---|---|
| ip host 10.25.36.47 | Captures packets from a specific host with IP address 10.25.36.47. |
| not ip host 10.25.36.47 | Captures packets from all IP addresses except 10.25.36.47. |
| ip host 10.25.36.47 and ip host 10.25.36.48 | Captures packets sent between two IP addresses: 10.25.36.47 and 10.25.36.48. Packets sent from one of these addresses to other IP addresses are not filtered. |
| ether host 00:e0:81:01:f8:fc | Captures packets to or from MAC address 00:e0:81:01:f8:fc. |
| port 80 | Captures packets to or from port 80. |


Using Filter Expressions in the CLI 

To add a filter to the CLI, use the command: 
SGOS# pcap filter expr parameters 
To remove a filter, use the command: 

SGOS# pcap filter <enter> 



Important: Define CLI filter expr parameters with double-quotes to avoid 
confusion with special characters. For example, a space is interpreted by the CLI as 
an additional parameter, but the CLI accepts only one parameter for the filter 
expression. Enclosing the entire filter expression in quotations allows multiple 
spaces in the filter expression. 



Configuring Packet Capturing 

Use the following procedures to configure packet capturing. If a download of the 
captured packets is requested, packet capturing is implicitly stopped. In addition to 
starting and stopping packet capture, a filter expression can be configured to control 
which packets are captured. For information on configuring a PCAP filter, see 
"Common PCAP Filter Expressions" above. 

Note: Requesting a packet capture download stops packet capturing. 

To analyze captured packet data, you must have a tool that reads Packet Sniffer Pro 1.1 
files (for example, Ethereal or Packet Sniffer Pro 3.0). 

To enable, stop, and download packet captures: 

1. Select Maintenance > Service Information > Packet Captures. 






2. In the Direction drop-down list, select the capture direction: in, out, or both. 

3. In the Interface drop-down list, select the interface on which to capture. 

4. To define or change the PCAP filter expression, enter the filter information into the 
Capture filter field. (See "Common PCAP Filter Expressions" on page 52 for 
information about PCAP filter expressions for this field.) To remove the filter, clear 
this field. 

5. Click Start Capture. The Start Capture dialog displays. 




6. Set the buffer size and method by choosing one of the following radio buttons: 

a. Capture all matching packets. 

b. Capture first n matching packets. Enter the number of matching packets (n) to 
capture. If the number of packets reaches this limit, packet capturing stops 
automatically. The value must be between 1 and 1000000. 

c. Capture last n matching packets. Enter the number of matching packets (n) to 
capture. Any packet received after the memory limit is reached results in the 
discarding of the oldest saved packet prior to saving the new packet. The 
saved packets in memory are written to disk when the capture is stopped. The 
value must be between 1 and 1000000. 

d. Capture first n matching Kilobytes. Enter the number of kilobytes (n) to 
capture. If the buffer reaches this limit, packet capturing stops automatically. 

The value must be between 1 and 102400. 

e. Capture last n matching Kilobytes. Enter the number of kilobytes (n) to 
capture. Any packet received after the memory limit is reached results in the 
discarding of the oldest saved packet prior to saving the new packet. The 
saved packets in memory are written to disk when the capture is stopped. The 
value must be between 1 and 102400. 

7. Optional — To truncate the number of bytes saved in each frame, enter a number in the 
Save first n bytes of each packet field. When configured, pcap collects, at most, n bytes 
of packets from each frame when writing to disk. The range is 1 to 65535. 

8. Optional — To specify the number of kilobytes of packets kept in a core image, enter a 
value in the Include n K Bytes in core image field. You can capture packets and include 
them along with a core image. This is extremely useful if a certain pattern of packets 
causes the unit to restart unexpectedly. The core image size must be between 0 and 
102400. By default, no packets are kept in the core image. 

9. To start the capture, click the Start Capture button. The Start Capture dialog closes. 
Note that the Start captures button in the Packet Captures tab is now grayed out 
because packet capturing is already started. 

You do not have to click Apply because all changes are applied when you start the 
packet capture. 






10. To stop the capture, click the Stop capture button. This button is grayed out if a packet 
capture is already stopped. 

11. To download the capture, click the Download capture button. This button is grayed out 
if no file is available for downloading. 

Related CLI Syntax to Define Packet Capturing Settings 

SGOS# pcap filter parameters 
SGOS# pcap start [subcommands] 



To start, stop, and download packet captures through a browser: 

1. Start your Web browser. 

2. Enter the URL: https://appliance_IP_address:8082/PCAP/Statistics and log 
on to the appliance as needed. 

The Packet Capture Web page opens. 



3. Select the desired action: Start packet capture, Stop packet capture, or Download 
packet capture file. 



You can also use the following URLs to configure these individually: 



□ To start packet capturing, use this URL: 
https://ProxySG_IP_address:8082/PCAP/start 

□ To stop packet capturing, use this URL: 
https://ProxySG_IP_address:8082/PCAP/stop 

□ To download packet capturing data, use this URL: 
https://ProxySG_IP_address:8082/PCAP/bluecoat.cap 



Viewing Current Packet Capture Data 

Use the following procedures to display current capture information from the SG 
appliance. 

To view current packet capture statistics: 

1. Select Maintenance > Service Information > Packet Captures. 

2. To view the packet capture statistics, click the Show statistics button. 

A window opens displaying the statistics on the current packet capture settings. Close 
the window when you are finished viewing the statistics. 

Related CLI Syntax to View Packet Capture Data 

SGOS# pcap info 

Uploading Packet Capture Data 

Use the following command to transfer packet capture data from the SG appliance to an 
FTP site. You cannot use the Management Console. After uploading is complete, you can 
analyze the packet capture data. 

SGOS# pcap transfer ftp://url/path/filename.cap username password 

Specify a username and password, if the FTP server requires these. The username and 
password must be recognized by the FTP server. 

Core Image Restart Options 

This option specifies how much detail is logged to disk when a system is restarted. 
Although this information is not visible to the user, Blue Coat Technical Support uses it in 
resolving system problems. The more detail logged, the longer it takes the SG appliance to 
restart. There are three options: 

□ None — no system state information is logged. Not recommended. 

□ Context only — the state of active processes is logged to disk. This is the default. 

□ Full — A complete dump is logged to disk. Use only when asked to do so by Blue Coat 
Technical Support. 

The default setting of Context only is the optimum balance between restart speed and the 
information needs of Blue Coat Technical Support in helping to resolve a system problem. 

You can also select the number of core images that are retained. The default value is 2; the 
range is between 1 and 10. 

To configure core image restart options: 

1. Select Maintenance > Core Images. 




2. Select a core image restart option. 

3. (Optional) Select the number of core images that are retained from the Number of 
stored images drop-down list. 

4. Select Apply to commit the changes to the SG appliance. 

Related CLI Syntax for Configuring Core Image Restart Options 

SGOS# (config) restart core-image {context | full | keep number | none} 

Diagnostic Reporting (Heartbeats) 

The SG appliance diagnostic reporting configurations are located in the Management 
Console (under the Maintenance > Heartbeats tab), and in the CLI (under the configuration 
diagnostics submode). 

The daily heartbeat is a periodic message that is sent every 24 hours and contains SG 
appliance statistical data. Besides telling the recipient that the device is alive, heartbeats 
also are an indicator of the appliance's health. Heartbeats do not contain any private 
information; they contain only aggregate statistics that can be used to preemptively 
diagnose support issues. The daily heartbeat is encrypted and transferred to Blue Coat 
using HTTPS. Administrators can have the daily heartbeat messages e-mailed to them by 
configuring event log notification. The content that is e-mailed to the administrator is the 
same content sent to Blue Coat. 

If monitoring is enabled, Blue Coat receives encrypted information over HTTPS whenever 
the appliance is rebooted. The data sent does not contain any private information; it 
contains restart summaries and daily heartbeats. This allows the tracking of SG appliance 
unexpected restarts due to system issues, and allows Blue Coat to address system issues 
preemptively. 

If the daily heartbeats setting is disabled, you can still send a heartbeat message by using 
the send-heartbeat command through the CLI (this feature is not available through the 
Management Console). 

To set daily heartbeats and/or Blue Coat monitoring: 

1. Select Maintenance > Heartbeats. 




2. Select or deselect Enable daily heartbeats or Enable Blue Coat monitoring. 

3. Select Apply to commit the changes to the SG appliance. 

Related CLI Syntax to Manage Heartbeats and Monitoring 

□ To enter configuration mode: 

SGOS# (config) diagnostics [ Command_Modes ] 

□ The following subcommands are available: 

SGOS# (config diagnostics) heartbeat enable 
SGOS# (config diagnostics) monitor enable 
SGOS# (config diagnostics) send-heartbeat 



Note: This option is not available through the Management Console. 

Diagnostic Reporting (CPU Monitoring) 

You can enable CPU monitoring whenever you want to see the percentage of CPU being 
used by specific functional groups. For example, if you look at the CPU consumption and 
notice that compression/decompression is consuming most of the CPU, you can change 
your policy to compress/decompress more selectively. 



Note: CPU monitoring uses about 2-3% CPU when enabled, and so is disabled by 
default. 



To configure and view CPU monitoring: 
1. Select Statistics > Advanced. 




2. Click the Diagnostics link. 

A list of links to Diagnostic URLs displays. 




3. To enable CPU monitoring, click the Start the CPU Monitor link; to disable it, click the 
Stop the CPU Monitor link. 

4. To view CPU monitoring statistics, click the CPU Monitor statistics link. You can also 
click this link from either of the windows described in Step 3. 

Related CLI Syntax to Configure and View CPU Monitoring 

SGOS# (config) diagnostics 

SGOS# (config diagnostics) cpu-monitor disable | enable 
SGOS# (config diagnostics) cpu-monitor interval seconds 



Note: The total percentages do not always add up because the display only shows 
those functional groups that are using 1% or more of the CPU processing cycles. 

Note: The commands SGOS# (config) show cpu and SGOS# (config diagnostics) 
view cpu-monitor can sometimes display CPU statistics that differ 
by about 2-3%. This occurs because different measurement techniques are used for 
the two displays. 

The Statistics tab of the Management Console allows you to graphically view the 
status of many system operations, take disks offline, and put them online. Many 
statistics are available through the CLI, but without the benefit of graphical display. 

You can also view detailed system information through the CLI using the show 
command. Access this command through either the enable command prompt (SGOS#) 
or the config command prompt (SGOS# (config)). For convenience, the procedures in 
this chapter show only the enable command prompt. See "Using the CLI show 
Command to View Statistics" on page 87 for information about using the show 
command. 

The Statistics tab includes the following statistics pages: 
□ "Traffic Mix" on page 62 

□ "Traffic History" on page 65 

□ "ADN History" on page 68 

□ "Bandwidth Management" on page 68 

□ "Protocol Details" on page 68 

□ "System Statistics" on page 70 

□ "Traffic Mix" on page 62 

□ "Active Sessions" on page 75 

□ "Access Logging" on page 86 

□ "Advanced Statistics" on page 86 

Selecting the Graph Scale 

Some statistics are reported in the form of bar graphs. Most bar graphs offer the option 
to show all values in the graph or to clip a percentage of the peak values, which means 
that a percentage is allowed to fall off the scale. For example, if you select clip 25% of 
peaks, the top 25% of the values are allowed to exceed the scale for the graph, showing 
greater detail for the remaining 75% of the values. To set the graph scale, select a value 
from the Graph scale should drop-down list. Some of the graphs offer the option of 
viewing statistics in bytes or objects. On these pages, you can switch among viewing 
modes by selecting bytes served or objects served mode from the Graph shows or 
Percentages reflect drop-down list. 

The following example shows the graph scaling drop-down. 



[Figure: the Graph scale should drop-down list, offering show all values, clip 25% of 
peaks, clip 50% of peaks, and clip 75% of peaks.] 



You can also move your cursor over the bar graphs to dynamically display color-coded 
statistical information. 

Traffic Mix 

Use the Statistics > Traffic Mix page to display traffic distribution and bandwidth statistics 
for traffic running through the ProxySG appliance. You can display statistics for proxy- 
types or for services and for various time periods. 






a. View aggregated bandwidth usage or gain graphs and statistics. 

b. View client or server byte distribution charts and statistics. 

c. Review client bytes, server bytes, bypassed bytes, and bandwidth gain (per proxy or 
service). 

d. Review totals for client bytes, server bytes, bandwidth gain, bypassed bytes, and total gain 
(for all proxies or all services). 

e. Show default service bytes per port. 

f. Switch between proxy and service traffic mix statistics. 

g. Modify the historical reporting period. 

h. Include or exclude bypassed bytes 



Figure 5-1. Traffic Mix Page 



Note: Bypassed bytes are bytes that are not intercepted by a service or proxy. When 
you include or exclude bypassed bytes, only the graph data and totals are affected. 
The table data in the lower half of the page is not altered. 

For a list of supported proxies, see "Supported Proxy Types and Services" on page 66. 

Note: Endpoint Mapper proxy bytes are the result of Microsoft Remote Procedure Call 
(MSRPC) communication for MAPI traffic. 



Understanding Chart Data 

The chart data updates automatically every 60 seconds. The units for the X and Y axis 
change, according to the selected duration. For example, if you select "Last Week," the 
X-axis displays the days of the week (the most current day is to the far right). 

The word "Hit" can appear at the top of the BW Gain graph if the gain was the result of a 
cache hit. 

The colors in the bandwidth usage and bandwidth gain charts represent the following 
information: 

□ Green — Client bytes 

□ Blue — Server bytes 

□ Brown — Bypassed bytes 

□ Dark Blue — Bandwidth Gain (which includes bypassed bytes, if selected) 

Note that in the tool tip, bandwidth gain is represented in black text. 

Hover the mouse cursor over the graph data to obtain detailed values. 














Figure 5-2. Traffic mix statistics displayed when cursor hovers over chart data 



Refreshing the Data 

The data in the Traffic Mix page refreshes whenever you switch views or change the 
duration of the sample. If there is no activity, the data refreshes every 60 seconds. 

About Bypassed Bytes 

Bypassed bytes are bytes that are not intercepted by a service or proxy. By default, 
bypassed bytes are included in the traffic mix views. When evaluating traffic statistics for 
potential optimization, it can be useful to include or exclude the bypassed byte statistics. 
Include or exclude bypassed bytes in the charts and graphs by selecting or deselecting 
Include bypassed bytes. 

When you include or exclude bypassed bytes, only the graph data and totals are affected. 
The table data in the lower half of the page is not altered. 

About the Default Service Statistics 

The default service statistics represent bytes for traffic that has been bypassed because it 
did not match: 

□ An existing service listener. 

□ Other rules, such as static or dynamic bypass. 

View the default service bytes by clicking Default Ports... in the upper-right section of the 
page. 




Figure 5-3. Default Service Per Port Bytes Dialog 

Refer to Volume 3: Proxies and Proxy Services for more information about the default 
service. 

Viewing Bandwidth Usage or Gain 

Select the BW Usage or BW Gain tab in the Traffic Mix page to view bandwidth-usage and 
bandwidth gain statistics for the SG appliance over the last hour, day, week, month, and 
year. To view per-service or per-proxy bandwidth usage statistics, go to the Traffic History 
page. 

In the BW Usage graph, the green display represents client data; the blue display 
represents server data; the brown represents bypassed bytes data. Hover your cursor over 
the graph to see the bandwidth usage and gain data. 

To view bandwidth usage or gain statistics: 

1. Select Statistics > Traffic Mix > BW Usage or BW Gain. 

2. Select a time period from the Duration drop-down. 

3. (Optional) Select Include bypassed bytes in graphs to exclude statistics for bytes not 
intercepted by a proxy or service. 

4. Select the Service radio button to display the bandwidth usage statistics for all 
configured services. 

5. Select the Proxy radio button to display the bandwidth usage statistics for all 
supported proxies. 

Viewing Client Byte and Server Byte Traffic Distribution 

Select the Client Bytes or Server Bytes tabs in the Traffic Mix page to view a pie chart of 
client byte or server byte statistics for the SG appliance over the last hour, day, week, 
month, or year. The pie charts display data for the top seven services or proxies; all other 
proxy and service statistics are categorized in the "Other" category. These items are 
arranged in a sorted order — the item that has highest percentage is displayed at the top of 
the list. 

To view client and server byte statistics: 

1. Select Statistics > Traffic Mix > Client Bytes or Server Bytes. 

2. Select a time period from the Duration drop-down. 

3. (Optional) Select Include bypassed bytes in graphs to include statistics for bytes not 
intercepted by a proxy or service. 

4. Select the Service radio button to display the traffic distribution statistics for all 
services. 

5. Select the Proxy radio button to display the traffic distribution statistics for all 
supported proxies. 

Traffic History 

Use the Statistics > Traffic History page to monitor the traffic statistics for all traffic 
running through the SG appliance. You can display statistics for all proxy-types or all 
services. 

Supported Proxy Types and Services 

The Traffic History (and Traffic Mix) page displays data for the following proxy types (and 
services of these proxy types): 



• CIFS 

• Endpoint Mapper 

• FTP 

• HTTP 

• HTTPS Forward Proxy 

• HTTPS Reverse Proxy 

• MAPI 

• MSRPC 

• SSL 

• TCP Tunnel 

• Windows Media 



Note: Endpoint Mapper proxy bytes are the result of Remote Procedure Call (RPC) 
communication for MAPI traffic. 

Unsupported Proxy Types 

The Traffic History does not display data for the following proxy types: 

• DNS • IM • P2P 

• QuickTime • Real Media • SOCKS 

• Telnet 

Understanding Chart Data 

The Traffic History chart data updates automatically every 60 seconds. The colors in the 
chart represent the following information: 

□ Bandwidth Usage chart: 

• Green — Client bytes 

• Blue — Server bytes 

• Brown — Bypassed bytes 

• Dark Blue — Bandwidth gain 

□ Bandwidth Gain chart 

• Dark Blue — Bandwidth gain 

□ Client and Server Byte charts: 

• Green — Intercepted client bytes 

• Blue — Intercepted server bytes 

• Brown — Bypassed bytes 

Hover the mouse cursor over the chart data to obtain detailed values. 




Figure 5-4. Traffic history statistics displayed when cursor hovers over chart data 



Refreshing the Data 

The data in the Traffic History page refreshes whenever you switch views or change the 
duration of the sample. If there is no activity, the data refreshes every minute. 

About Bypassed Bytes 

Bypassed bytes are bytes that are not intercepted by a service or proxy. By default, 
bypassed bytes are included in the traffic mix views. When evaluating traffic statistics for 
potential optimization, it can be useful to include or exclude the bypassed byte statistics. 
Include or exclude bypassed bytes in the charts and graphs by selecting or deselecting 
Include bypassed bytes. 

Viewing Bandwidth Usage or Gain or Client Byte and Server Byte Traffic History 

To view client and server byte or bandwidth gain statistics: 

1. Select Statistics > Traffic History > BW Usage, BW Gain, Client Bytes, or Server Bytes. 

2. Generate history data for a service or proxy: 

Service history: 

a. Select the Service radio button. 

b. Select a service from the drop-down menu. 

Proxy history: 

a. Select the Proxy radio button. 

b. Select a proxy from the drop-down menu. 

3. Select a time period from the Duration drop-down. 

4. (Optional) Select Include bypassed bytes in graphs to exclude statistics for bytes not 
intercepted by a proxy or service. 

ADN History 

The Statistics > ADN History pages display WAN optimization statistics for inbound and 
outbound compression gain. Refer to the WAN optimization information in Volume 6: 
Advanced Networking for more information about these statistics. 



Bandwidth Management 

The Statistics > Bandwidth Mgmt. pages display the current class and total class statistics. 
Refer to the bandwidth management information in Volume 6: Advanced Networking for 
more information about these statistics. 

Protocol Details 

The Statistics > Protocol Details pages provide statistics for the protocols serviced by the 
SG appliance. Use these statistics to complement the statistics in the Traffic 
History and Traffic Mix pages. 

These statistics are described with the proxy services to which they pertain. 
The following list names each set of statistics and says where to find 
additional information. 

□ CIFS History 

The Statistics > Protocol Details > CIFS History pages enable you to view statistics for 
CIFS objects, CIFS bytes read, CIFS bytes written, and CIFS clients. Refer to the CIFS 
chapter in Volume 3: Proxies and Proxy Services for more information about these 
statistics. 

□ HTTP/FTP History 

The Statistics > Protocol Details > HTTP/FTP History pages enable you to view statistics 
for HTTP/HTTPS/FTP objects, HTTP/HTTPS/FTP bytes, HTTP/HTTPS/FTP clients, 
client compression gain, and server compression gain. Refer to the HTTP and FTP 
chapters in Volume 3: Proxies and Proxy Services for more information about these 
statistics. 

For HTTP/FTP bandwidth usage statistics, see the Traffic Mix and Traffic History 
pages. 

□ IM History 

The Statistics > Protocol Details > IM History pages enable you to view statistics for IM 
connection data, IM activity data, and IM clients. Refer to the IM chapter in Volume 4: 
Web Communication Proxies for more information about these statistics. 

□ MAPI History 

The Statistics > Protocol Details > MAPI History pages enable you to view statistics for 
MAPI client bytes read, MAPI client bytes written, and MAPI clients. Refer to the 
MAPI chapter in Volume 3: Proxies and Proxy Services for more information about these 
statistics. 

For MAPI bandwidth usage statistics, see the Traffic Mix and Traffic History pages. 

□ P2P History 

The Statistics > Protocol Details > P2P History pages enable you to view statistics for P2P 
data, P2P clients, and P2P bytes. Refer to the P2P information in Volume 7: VPM and 
Advanced Policy for more information about these statistics. 

□ Shell History 

The Statistics > Protocol Details > Shell History pages enable you to view statistics for 
shell clients. Refer to the shell proxy information in Volume 3: Proxies and Proxy Services 
for more information about these statistics. 

□ SOCKS History 

The Statistics > Protocol Details > SOCKS History pages enable you to view statistics for 
SOCKS clients, SOCKS connections, client compression gain, and server compression 
gain. Refer to the SOCKS chapter in Volume 3: Proxies and Proxy Services for more 
information about these statistics. 

□ SSL History 

The Statistics > Protocol Details > SSL History pages enable you to view statistics for 
unintercepted SSL data, unintercepted SSL clients, and unintercepted SSL bytes. Refer to 
the SSL chapter in Volume 3: Proxies and Proxy Services for more information about 
these statistics. 

□ Streaming History 

The Statistics > Protocol Details > Streaming History pages enable you to view statistics 
for Windows Media, Real Media, QuickTime, current streaming data, total streaming 
data, and bandwidth gain. Refer to the streaming chapter in Volume 4: Web 
Communication Proxies for more information about these statistics. 

For MMS bandwidth usage statistics, see the Traffic Mix and Traffic History pages. 

System Statistics 

The System Statistics pages enable you to view: 

□ "Resources Statistics" 

□ "Contents Statistics" on page 73 

□ "Event Logging Statistics" on page 74 

□ "Failover Statistics" on page 75 

Resources Statistics 

The Resources tabs (CPU, Disk Use, Memory Use, and Data) allow you to view information 
about how disk space and memory are being used, and how disk and memory space are 
allocated for cache data. You can view data allocation statistics through both the 
Management Console and the CLI, but disk and memory use statistics are available only 
through the Management Console. 

Viewing CPU Utilization 

Through the Management Console, you can view the average CPU utilization percentages 
for the SG appliance over the last 60 minutes, 24 hours, and 30 days. You can see the 
current CPU utilization statistic through the CLI. 

To view CPU utilization: 

1. Select Statistics > System > Resources > CPU. 




Viewing Disk Use Statistics 

The Disk Use tab shows the SG appliance disk usage. The fields on the tab are: 

□ System Objects — the percentage of storage resources currently used for non-access-log 
system objects. 

□ Access log — the percentage of storage resources currently used for the access log. 

□ Cache in Use — the percentage of non-system, non-access-log resources currently in 
use for cached objects. 

□ Cache available — the percentage of non-system, non-access-log resources still 
available for caching objects. 

To view disk use statistics: 

Select Statistics > System > Resources > Disk Use. 




Viewing Memory Use Statistics 

The Memory Use tab shows the amount of memory used for RAM, the SG appliance itself, 
and for network buffers. The fields on the Memory Use tab are: 

□ RAM Cache — the amount of RAM that is used for caching. 

□ System allocation — the amount of RAM allocated for the device system. 

□ Network buffers — the amount of RAM currently allocated for network buffers. 

To view memory use statistics: 

Select Statistics > System > Resources > Memory Use. 

Viewing Data Allocation Statistics in RAM and on Disk 

The Data tab shows the total and available disk space and RAM, and how they are 
currently allocated. The fields on the Data tab are described below. This information can 
also be viewed through the CLI. 

□ Maximum objects supported — the maximum number of objects that can be supported. 

□ Cached objects — the number of objects that are currently cached. 

□ Disk used by system objects — the amount of disk space used by the system objects. 

□ Disk used by access log — the amount of disk space used for access logs. 

□ Total disk installed — the total amount of disk space installed on the device. 

□ RAM used by cache — the amount of RAM allocated for caching. 

□ RAM used by system — the amount of RAM allocated for system use. 

□ RAM used by network — the amount of RAM allocated for network use. 

□ Total RAM installed — the total amount of RAM installed. 

To view data allocation statistics: 

Select Statistics > System > Resources > Data. 

Maximum objects supported: 2,292,607 objects 
Cached Objects: 27,797 objects 
Disk used by system objects: 1.5 gigabytes 
Disk used by access log: 0 bytes 
Total disk installed: 37.27 gigabytes 
RAM used by cache: 374.61 megabytes 
RAM used by system: 112.13 megabytes 
RAM used by network: 864.03 kilobytes 
Total RAM installed: 487.59 megabytes 



Contents Statistics 

The Contents tabs (Distribution and Data) allow you to see information about objects 
currently stored or served organized by size. The cache contents include all objects 
currently stored by the SG appliance. The cache contents are not cleared when the 
appliance is powered off. 

Viewing Cached Objects by Size 

The Distribution tab shows the objects currently stored by the SG appliance, ordered by 
size. 

To view the distribution of cache contents: 

Select Statistics > System > Contents > Distribution. 

Viewing the Number of Objects Served by Size 

The Data tab displays the number of objects served by the SG appliance, organized by 
size. This chart shows you how many objects of various sizes have been served. 

To view the number of objects served: 

Select Statistics > System > Contents > Data. 

Event Logging Statistics 

The event log contains all events that have occurred on the SG appliance. Configure the 
level of detail available by selecting Maintenance > Event Logging > Level (see 
"Configuring Which Events to Log" on page 14 for details). 

To view the event log: 

1. Select Statistics > System > Event Logging. 



[Screenshot: event log viewer listing timestamped entries for 2005-11-29 (NTP periodic queries, sysinfo_stats snapshots, an administrator SSH login), with the Poll for new events checkbox and the Log start, back, forward, and Log end buttons] 



2. Click Log start or Log end or the forward and back arrow buttons to move through the 
event list. 



3. (Optional) Click the Poll for new events checkbox to poll for new events that occurred 
while the log was being displayed. 



Note: The Event Log cannot be cleared. 






Failover Statistics 

At any time, you can view statistics for any failover group you have configured on your 
system. 

To view failover status: 

1. Select Statistics > System > Failover. 



Failover Group: 10.9.16.150 

Failover status: 
Multicast address: 224.1.2.3 
Local address: 10.9.16.150 
State: MASTER 
Flags: R (Real IP) 



2. From the drop-down list, select the group to view. 

The information displayed includes the multicast address, the local address, the state, and 
any flags, where V indicates the group name is a virtual IP address, R indicates the group 
name is a physical IP address, and M indicates this machine can be configured to be the 
master if it is available. 

Active Sessions 

The Statistics > Active Sessions pages display per-connection statistics for all proxied 
sessions and bypassed connections running through the SG appliance. 

The following screenshot shows an example of the Active Sessions pages. 



The Active Sessions feature has two pages: 



□ Proxied Sessions — Displays statistics for all connections intercepted by configured 
proxies or services. 

To learn more about proxied sessions, see "Analyzing Proxied Sessions" on page 76. 

□ Bypassed Connections — Displays statistics for all unintercepted traffic. 

To learn more about bypassed connections, see "Analyzing Bypassed Connections 
Statistics" on page 83. 

Analyzing Proxied Sessions 

Use the Statistics > Active Sessions > Proxied Sessions page to get an immediate picture of 
the sessions, protocol types, services, bytes, and bandwidth gains (derived from WAN 
optimization and object caching) associated with client traffic. 

The first time you navigate to the Proxied Sessions page, no data is displayed. To display 
proxied sessions data, click Show. The statistics displayed in the window are not 
automatically updated. To update the statistics, click Show again. 



Important: Use the statistics on the Proxied Sessions pages as a diagnostic tool only. 
The Proxied Sessions pages do not display every connection running through the SG 
appliance. Rather, this feature displays only the active sessions — one client connection 
(or several), together with the relevant information collected from other connections 
associated with that client connection. Because it displays only open connections, the 
statistics cannot be used for reporting purposes. 



The Proxied Sessions page displays statistics for the following proxies: 


• HTTP 

• HTTPS Reverse Proxy 

• HTTPS Forward Proxy 

• SSL 

• CIFS 

• TCP-Tunnel 

• FTP 

• Endpoint Mapper 

• MMS 

• MAPI 

• MSRPC 





Client connections are available for viewing as soon as the connection request is received. 
However, if delayed intercept is enabled, the connection is not shown until the three-way 
handshake completes. Server connections are registered and shown in the table after the 
connect call completes. 

Viewing Proxied Sessions 

To view proxied sessions: 

1. Select Statistics > Active Sessions > Proxied Sessions. 

2. (Optional) Select a filter from the Filter drop-down list. 

Understanding the Proxied Sessions Statistics 

When reviewing the proxied session statistics, note that: 

□ Active client and server connections are displayed in black. 

□ Inactive connections are grayed out. 

□ Session and connection totals are displayed on the bottom-left side of the page. 

The following table describes the column headings and icons on the Proxied Sessions 
page. 

Table 5-1. Table Column Heading Descriptions on the Proxied Sessions Page 

Each entry below gives the column heading, followed by its description. 

Client 
    IP address and port of the client PC (or other downstream host). 
    When the client connection is inactive, the contents of this column are 
    grayed out. A client connection can become inactive if, for example, a 
    client requests a large object and then aborts the download before the 
    SG appliance has completed downloading it into its cache. 

    When the session had multiple client connections, a tree view is 
    provided. See "Viewing Sessions with Multiple Connections" on 
    page 80 for more information. 

Server 
    Final destination of the request. 

    By default, the hostname is displayed. However, if a user entered an IP 
    address in the URL, the IP address is displayed. 

    The contents of this column are grayed out if the server connection is 
    inactive. This can occur when a download has completed (and the 
    server connection is closed or returned to the idle pool), but the object 
    is still being served to the client. 

    If a server connection was never made (a pure cache hit case), the 
    Server column displays the hostname (or IP address) of the requested 
    server. 

    Active server connections are shown in black; inactive connections are 
    grayed out. 

A (icon) 
    ADN. Indicates that the server connection is flowing over an ADN 
    tunnel. If the icon is not present, it indicates that an ADN tunnel is not 
    in use. 

(icon) 
    Encrypted ADN tunnel. 

S (icon) 
    SOCKS. Indicates that the next hop is a SOCKS proxy. If the icon is not 
    present, it indicates that a SOCKS proxy is not in use. 

FW (icon) 
    Forwarding. Indicates that the next hop is a proxy server. If the icon is 
    not present, it indicates that forwarding is not in effect. 

Duration 
    Displays the amount of time the session has been established. 

Client Bytes 
    Represents the number of bytes (to and from the client) at the socket 
    level on the client connection. All application-level bytes are counted, 
    including application overhead such as HTTP headers, CIFS headers, 
    and so on. 

    TCP and IP headers, packet retransmissions, and duplicate packets are 
    not counted. 

    See "About the Byte Totals" on page 81 for more information. 

Server Bytes 
    Represents the number of bytes (to and from the server) at the socket 
    level on the server connection. All application-level bytes are counted, 
    including application overhead such as HTTP headers, CIFS headers, 
    and so on. 

    If the traffic is flowing through an ADN tunnel, the bytes are counted 
    after ADN optimization, meaning that compressed byte counts are 
    displayed. 

    TCP and IP headers, packet retransmissions, and duplicate packets are 
    not counted. 

    See "About the Byte Totals" on page 81 for more information. 

Gain 
    Displays the bandwidth gain for the session. The calculation is: 
    (Client Bytes - Server Bytes) / Server Bytes 

    When the request results in a pure cache hit, this column displays 
    Cache Hit. 

C (icon) 
    Compression. When displayed in color, this icon indicates that an ADN 
    Tunnel is in use and gzip compression is active in either direction on 
    that tunnel. 

    This icon has three states: 

    • Active (color icon) 

    • Inactive (grayed out icon) 

    • Not possible (not displayed) 

BC (icon) 
    Byte Caching. When displayed in color, this icon indicates that an ADN 
    Tunnel is in use and byte-caching is active in either direction on that 
    tunnel. 

    This icon has three states: 

    • Active (color icon) 

    • Inactive (grayed out icon) 

    • Not possible (not displayed) 


OC (icon) 
    Object Caching. When displayed in color, this icon indicates that an 
    HTTP, HTTPS, CIFS, Streaming, or FTP proxy is in use and the content 
    is cacheable. 

    This icon has three states: 

    • Active (color icon) 

    • Inactive (grayed out icon) 

    • Not possible (not displayed) 

    The icon: 

    □ Is grayed out if the content is non-cacheable (or for CIFS, 
    when the entire connection is non-cacheable — not on an 
    object-by-object basis). 

    □ Is not displayed for MAPI and TCP-Tunnel traffic. 

    □ Does not indicate a cache hit; it indicates only that the object 
    is cacheable. 

(icon) 
    Live splitting. When displayed in color, this icon indicates that a live 
    MMS stream is being split to the client. 

    This icon has two states: 

    • Active (color icon) 

    • Inactive (grayed out icon) 

P (icon) 
    Protocol Optimization. When displayed in color, this icon indicates that 
    a proxy is in use that is capable of performing latency optimizations. 
    These proxies include HTTP, HTTPS, CIFS, and MAPI. 

    This icon has three states: 

    • Active (color icon) 

    • Inactive (grayed out icon) 

    • Not possible (not displayed) 

BM (icon) 
    Bandwidth Management. When displayed in color, this icon indicates 
    that either the client or server connection has been assigned to a 
    bandwidth class. 

    This icon has two states: 

    • Active (color icon) 

    • Inactive (grayed out icon) 

Service Name 
    Displays the service used by the session. 

    Even if a client connection is handed off to a different application 
    proxy, this column shows the service name of the original service that 
    intercepted the client connection. 

Protocol 
    Displays the protocol used by the session. 

Detail 
    Provides additional information. For example, it can indicate that a 
    CIFS connection is "pass-through" due to SMB signing. 





Using the Tool Tips 

Mouse over the following components to get more information: 

□ Table column headers — Displays the full name of the column header. 

□ Row values. 

□ Acceleration icons (C, BC, OC, P, BM) — displays the icon identity. 

□ ADN, SOCKS, and FW icons — displays the next hop. 

□ Client and Server icons — displays the full hostname or IP address. 

About MMS Streaming Connections 

The Active Sessions feature displays connection statistics for MMS streams over HTTP, 
TCP, or UDP only. Multicast connections and RTSP streaming connections are not 
displayed. When an MMS stream is displayed, the service name is listed as "HTTP" or 
"MMS" (depending on the transport used) and the protocol indicates "Windows Media." 




















Viewing Sessions with Multiple Connections 

When multiple client or server connections are associated with a single session, the Client 
column provides a tree-view that allows you to expand the row to view more details 
about the associated connections. The tree view is represented by the ► icon. 

The following figure shows an HTTP example of this tree view. 



HTTP 

The tree view displays (as shown above) for HTTP if multiple hosts are contacted during a 
session or if pipelining is used. 

FTP 

FTP uses multiple, concurrent connections. These are represented as separate rows in the 
tree view, as shown in the following figure. 




CIFS, MAPI, and Endpoint Mapper do not display multiple connections. 

MMS 

The active sessions feature displays MMS streams that have a client associated with them. 
MMS streams that do not have a client associated with them (multicast, content 
management requests, etc.) are not displayed. MMS streams are displayed as follows: 

□ MMS UDP streams have two connections, one for data and one for control. 

□ MMS TCP streams have a single connection. 

□ MMS HTTP streams have a single connection. 

For additional information about streaming connections, see "About MMS Streaming 
Connections" on page 80. 

Understanding the Tree View 

When collapsed, the cumulative totals for all connections are displayed, as shown in the 
following example. 



► Client: 10.9.59.48:4277 | Duration: 2 sec | Client Bytes: 60030 | Server Bytes: 52516 | Gain: 14% | Service Name: HTTP | Protocol: HTTP 



When expanded, the tree view displays per-connection statistics for the session, as shown 
in the following example. The top line is a summary of that session's statistics. The 
second line displays the statistics for the primary session. 

The Gain column result differs according to the server or client byte totals: 



□ Zero client bytes. Displays no gain. 

□ Zero client and server bytes. Displays no gain. 

□ Zero server bytes. Displays Cache Hit (see the figure below). 

□ Client and server are non-zero. Displays the calculated gain. 

About the Byte Totals 

The client and server byte total is the sum of all bytes going to and from the client or 
server. All application-level bytes are counted, including application overhead such as 
HTTP headers, CIFS headers, and so on. TCP and IP headers, packet retransmissions, and 
duplicate packets are not counted. 

The following sections describe some of the factors that can affect the byte totals. 

ADN Tunnels 

If the traffic is flowing through an ADN tunnel, the bytes are counted after ADN 
optimization, meaning that compressed byte counts are displayed. 

Multiple Server Connections 

A single client connection can use many server connections. The server byte counts 
include the total bytes transferred over all server connections accessed over the lifetime of 
a client connection. Even though a server connection can serve many clients, the same 
server byte is never included in more than one client connection total. 

Aborted Downloads 

In some cases, you might see the server bytes increasing even after the client has closed 
the connection. This can occur when a client requests a large object and aborts the 
download before receiving the entire object. The server bytes continue to increase because 
the SG appliance is retrieving the object for caching. 

Explicit Proxying and Pipelining 

If clients are explicitly proxied and the session has multiple connections or is pipelined, no 
client bytes are displayed and the expanded server connections display no gain when the 
tree view is shown. This is because the SG appliance is downloading the content before 
serving it to the client. 
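
The Gain column rules and the byte-total behaviour described above can be modelled in a few lines. This is an added example, not Blue Coat code: the Session and ServerConnection structures, the "-" placeholder for "no gain", whole-percent rounding, and every sample row except the 10.9.59.48:4277 byte counts are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

CACHE_HIT = "Cache Hit"
NO_GAIN = "-"  # assumption: the page says only that no gain is displayed


def gain_ratio(client_bytes: int, server_bytes: int) -> Optional[float]:
    """(Client Bytes - Server Bytes) / Server Bytes, or None when either
    total is zero and the page says no percentage is shown."""
    if client_bytes < 0 or server_bytes < 0:
        raise ValueError("byte totals cannot be negative")
    if client_bytes == 0 or server_bytes == 0:
        return None
    return (client_bytes - server_bytes) / server_bytes


def gain_column(client_bytes: int, server_bytes: int) -> str:
    """Text of the Gain column for the four cases listed on the page."""
    ratio = gain_ratio(client_bytes, server_bytes)
    if ratio is not None:
        return f"{ratio * 100:.0f}%"  # whole-percent rounding is an assumption
    if client_bytes == 0:
        return NO_GAIN      # zero client bytes, with or without server bytes
    return CACHE_HIT        # client was served with zero server bytes


@dataclass
class ServerConnection:
    """One server connection used by a session (hypothetical structure)."""
    server: str
    server_bytes: int


@dataclass
class Session:
    """One client connection plus every server connection it used."""
    client: str
    client_bytes: int
    server_connections: List[ServerConnection] = field(default_factory=list)

    def server_total(self) -> int:
        # Server bytes are summed over all server connections used during
        # the lifetime of the client connection.
        return sum(c.server_bytes for c in self.server_connections)

    def summary_row(self) -> Tuple[str, int, int, str]:
        """Collapsed tree-view row: cumulative totals and the resulting gain."""
        total = self.server_total()
        return (self.client, self.client_bytes, total,
                gain_column(self.client_bytes, total))


def server_heavy(sessions: List[Session]) -> List[str]:
    """Clients whose session fetched more from the server than it delivered,
    as happens when a download is aborted and caching continues."""
    return [s.client for s in sessions
            if s.client_bytes > 0 and s.server_total() > s.client_bytes]


def report(sessions: List[Session]) -> List[Tuple[str, int, int, str]]:
    return [s.summary_row() for s in sessions]


# Constructed sample data. Only the first row's byte counts come from the page.
SAMPLE_SESSIONS = [
    Session("10.9.59.48:4277", 60030,
            [ServerConnection("www.example.com:80", 52516)]),
    # Pure cache hit: no server connection was ever made.
    Session("192.0.2.10:51000", 20480),
    # Explicit proxy with pipelining: no client bytes are displayed.
    Session("192.0.2.11:51001", 0,
            [ServerConnection("a.example.net:80", 1000),
             ServerConnection("b.example.net:80", 2000)]),
    # One client connection that used two server connections.
    Session("192.0.2.12:51002", 90000,
            [ServerConnection("c.example.net:80", 30000),
             ServerConnection("d.example.net:80", 30000)]),
    # Aborted download: the appliance keeps retrieving the object.
    Session("192.0.2.13:51003", 1000,
            [ServerConnection("e.example.net:80", 4000)]),
]

if __name__ == "__main__":
    for client, c_bytes, s_bytes, gain in report(SAMPLE_SESSIONS):
        print(f"{client:<22} {c_bytes:>8} {s_bytes:>8}  {gain}")
    print("server-heavy sessions:", server_heavy(SAMPLE_SESSIONS))
```

A negative percentage, as in the aborted-download row, is what the formula yields when server bytes exceed client bytes; the page does not say how the appliance renders that case.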

What is not Displayed 

The Proxied Sessions page does not display statistics for: 

□ IM (Yahoo, AOL, MSN), DNS, RTSP Streaming, SOCKS, and Telnet 

□ Inbound ADN connections 

□ Bridged connections 

□ Administrative connections (Management Console, SSH console, SNMP, DSAT, 
access-logging, Director, etc.) 

□ Off-box processing connections (ICAP, DRTR, etc.) 

Note: In some cases, an administrative or off-box connection might correspond to a 
specific client connection, for example, an ICAP AV scanning connection associated with a 
specific HTTP client connection. However, the byte counts collected from administrative 
or off-box connections are not included in the Active Sessions display. 



Filtering the Display 

Use the Filter drop-down list to filter the proxied session statistics. 


When you select a filter, a text field or popup displays so that you can enter filtering 
criteria. 






If you select a filter, you must enter filtering criteria (or select None) before clicking 
Show. 

The following filters are available: 

□ Client Address 

Filter by IP address and IP address and subnet mask. 

□ Client Port 

□ Server Address 

Filter by IP address or hostname. Hostname filters automatically search for suffix 
matches. For example, if you filter for google.com, gmail.google.com is included in 
the results. 

□ Server Port 

□ Proxy 

□ Service (drop-down menu) 

The drop-down menu enables you to filter for enabled services. If you filter for a 
service that is not supported for active sessions (see "What is not Displayed" on 
page 82), the resulting filtering list will be empty. 

Obtaining HTML and XML Views of Proxied Sessions Data 

Access the following URLs to get HTML and XML views of active session statistics: 

HTML: https://SGIP:8082/AS/Sessions/ 

XML: https://SGIP:8082/AS/Sessions/xml 

Analyzing Bypassed Connections Statistics 

The Statistics > Active Sessions > Bypassed Connections page displays data for all 
unintercepted TCP traffic. 

When the appliance is first installed in an inline deployment, all services are bypassed by 
default. By analyzing the connection data in the Bypassed Connections page, you can 
review the types of traffic flowing through the appliance to identify traffic flows that 
would benefit from optimization. The Bypassed Connections page is also useful for 
identifying new types of traffic flowing through the appliance. 

The Bypassed Connections page displays data for connections that were not intercepted 
because: 

□ A service has not been configured to intercept the traffic. 

□ A static or dynamic bypass rule caused the traffic to be bypassed. 

□ The interface transparent interception setting is disabled. 

Viewing Bypassed Connections 

To view bypassed connections: 

1. Select Statistics > Active Sessions > Bypassed Connections. 

2. (Optional) Select a filter from the Filter drop-down list. 

See "Filtering the Display" on page 85 for more information about display filters. 
The following screenshot shows an example of the Bypassed Connections page. 

Figure 5-5. Bypassed Connections Page 
Note the following: 

□ Grayed out connections indicate connections that are now closed. 

□ Previously-established connections displayed with (<—?—>) text indicate that the 
direction of these connections is unknown. 

□ One-way connections are displayed in color. 

Understanding the Bypassed Connection Statistics 

The following table describes the column headings on the Bypassed Connections page. 

Table 5-2. Table Column Heading Descriptions on the Bypassed Connections Page 

Column Heading    Description 
Client            IP address and port of the client PC (or other downstream host). 
Server            Server IP address and port number. 
Duration          Displays the amount of time the connection has been established. 
Bypassed Bytes    Displays the total number of bypassed bytes for the connection. 
Service Name      Displays the service used by the connection. 
Details           Provides additional information. For example: 
                  • One-way traffic (forward) 
                  • One-way traffic (reverse) 
                  • Previously Established 
                  • Bypassed because of network interface setting 


Filtering the Display 

Use the Filter drop-down list to filter the bypassed connection statistics. 




When you select a filter, a text field or drop-down displays so that you can enter filtering 
criteria. 






If you select a filter, you must enter filtering criteria (or select None) before clicking 
Show. 

The following filters are available: 

□ Client Address 

Filter by IP address, or by IP address and subnet mask. 

□ Client Port 

□ Server Address 

Filter by IP address or hostname. Hostname filters automatically search for suffix 
matches. For example, if you filter for google.com, gmail.google.com is included in 
the results. 

□ Server Port 

□ Service (drop-down menu) 

The drop-down menu enables you to filter for enabled services. If you filter for a 
service that is not supported for active sessions (see "What is not Displayed" on 
page 82), the resulting filtered list will be empty. 
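
The Client Address and Server Address filter rules listed above for both the Proxied Sessions and Bypassed Connections pages, reproduced offline as an added example (not Blue Coat code). The row layout, the filter names, the address/mask entry syntax and the label_bounded option are assumptions; the page does not say whether suffix matching stops at a label boundary, so the plain comparison shown here also returns badcorp.test for the criteria corp.test.

```python
import ipaddress

# Constructed sample rows (not appliance output). "client" and "server" use the
# address:port layout of the Client and Server columns; hostnames use the
# reserved .test TLD and stand in for the google.com example on this page.
ROWS = [
    {"client": "10.9.16.5:4312", "server": "mail.corp.test:443"},
    {"client": "10.9.17.8:4400", "server": "www.corp.test:80"},
    {"client": "10.2.2.20:1026", "server": "10.2.1.64:389"},
    {"client": "10.2.2.21:2011", "server": "badcorp.test:80"},
]


def split_endpoint(endpoint):
    """Split 'host:port' into (host, port). IPv4 addresses and hostnames only."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def as_ip(text):
    """Return an ip_address object, or None when text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def client_address_matches(host, criteria):
    """Criteria is a single IP address or 'address/mask' (assumed syntax)."""
    ip = as_ip(host)
    if ip is None:
        return False
    # A bare address becomes a /32 network; a dotted mask is accepted as-is.
    return ip in ipaddress.ip_network(criteria, strict=False)


def server_address_matches(host, criteria, label_bounded=False):
    """IP criteria match exactly; hostname criteria match as a suffix."""
    wanted_ip = as_ip(criteria)
    if wanted_ip is not None:
        return as_ip(host) == wanted_ip
    host = host.lower().rstrip(".")
    criteria = criteria.lower().rstrip(".")
    if not label_bounded:
        return host.endswith(criteria)  # plain suffix, as the text describes
    # Stricter variant: the suffix must begin at a DNS label boundary.
    return host == criteria or host.endswith("." + criteria)


def apply_filter(rows, kind, criteria="", label_bounded=False):
    """Return the rows selected by one filter; 'none' returns every row."""
    if kind == "none":
        return list(rows)
    criteria = criteria.strip()
    if not criteria:
        raise ValueError("a selected filter needs filtering criteria")
    selected = []
    for row in rows:
        client_host, client_port = split_endpoint(row["client"])
        server_host, server_port = split_endpoint(row["server"])
        if kind == "client_address":
            hit = client_address_matches(client_host, criteria)
        elif kind == "client_port":
            hit = client_port == int(criteria)
        elif kind == "server_address":
            hit = server_address_matches(server_host, criteria, label_bounded)
        elif kind == "server_port":
            hit = server_port == int(criteria)
        else:
            raise ValueError(f"unknown filter: {kind}")
        if hit:
            selected.append(row)
    return selected


if __name__ == "__main__":
    for row in apply_filter(ROWS, "server_address", "corp.test"):
        print(row["client"], "->", row["server"])
```

When reviewing exported session data for one domain, compare the plain and label-bounded results; any row that appears only in the plain result belongs to a different registered domain.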

Obtaining HTML and XML Views of Bypassed Connections Data 

Access the following URLs to get HTML and XML views of active session statistics: 
HTML: https://SGIP:8082/AS/BypassedConnections/ 

XML: https://SGIP:8082/AS/BypassedConnections/xml 

Health Statistics 

The Statistics > Health page enables you to get more details about the current state of the 
health monitoring metrics. Health monitoring uses key hardware and software metrics to 
provide administrators with a remote view of the health of the system. See Chapter 2: 
"Monitoring the SG Appliance" for information about health monitoring. 

Access Logging 

The Statistics > Access Logging pages enable you to view the log tail, log size, and upload 
status of the access log. Refer to Volume 9: Access Logging for more information. 

Advanced Statistics 

A variety of system statistics are conveniently located in one place and accessible by 
clicking the links listed in the Advanced tab of the Management Console. 

To view system-wide advanced statistics: 

1. Select Statistics > Advanced. 




2. Click the appropriate link for the service you want to view. 
A list of categories for that service will appear. 



Note: If you upgraded from SGOS 2.x or CacheOS 4.x and have log files generated 
by those versions, you can view or retrieve them through the Statistics > Advanced > 
Access Log > Show Old Logs URL. 



3. To view the statistics for a particular category, click that category's link. 

A window opens, detailing the relevant statistics. 

4. Close the window when you have finished viewing the statistics. 

5. To return to the list of links, either reselect Statistics > Advanced or click your 
browser's Back button. 



Using the CLI show Command to View Statistics 

The show command can be used to view a variety of different statistics. The following 
output lists the show options pertaining to topics in this chapter. 

SGOS# show ? 
  cpu                       CPU usage summary 
  disk                      Disk status and information 
  health-checks             Health Checks statistics 
  http                      HTTP settings 
  http-stats                HTTP statistics 
  im                        IM information 
  ip-stats                  TCP/IP statistics 
  p2p                       Peer-to-peer information 
  resources                 Allocation of system resources 
  snmp                      SNMP statistics 
  streaming                 Streaming information 
  system-resource-metrics   System Resource Metrics 

Term 


Description 


ADN Optimize Attribute 


Controls whether to optimize bandwidth usage when connecting upstream using an 
ADN tunnel. 


Asynchronous Adaptive 
Refresh (AAR) 


This allows the ProxySG to keep cached objects as fresh as possible, thus reducing 
response times. The AAR algorithm allows HTTP proxy to manage cached objects 
based on their rate of change and popularity: an object that changes frequently and/or 
is requested frequently is more eligible for asynchronous refresh compared to an 
object with a lower rate of change and/or popularity. 


Asynchronous Refresh 
Activity 


Refresh activity that does not wait for a request to occur, but that occurs 
asynchronously from the request. 


Attributes (Service) 


The service attributes define the parameters, such as explicit or transparent, 
cipher suite, and certificate verification, that the ProxySG uses for a particular 
service. 


Authenticate-401 Attribute 


All transparent and explicit requests received on the port always use transparent 
authentication (cookie or IP, depending on the configuration). This is especially 
useful to force transparent proxy authentication in some proxy-chaining scenarios. 


authentication 


The process of identifying a specific user. 


authorization 


The permissions given to a specific user. 


Bandwidth Gain 


A measure of the difference in client-side and server-side Internet traffic expressed in 
relation to server-side Internet traffic. It is managed in two ways: you can enable or 
disable bandwidth gain mode or you can select the Bandwidth Gain profile (this also 
enables bandwidth gain mode). 


Bandwidth Class 


A defined unit of bandwidth allocation. An administrator uses bandwidth classes to 
allocate bandwidth to a particular type of traffic flowing through the ProxySG. 


Bandwidth Class Hierarchy 


Bandwidth classes can be grouped together in a class hierarchy, which is a tree 
structure that specifies the relationship among different classes. You create a 
hierarchy by creating at least one parent class and assigning other classes to be its 
children. 


Bandwidth Policy 


The set of rules that you define in the policy layer to identify and classify the traffic in 
the ProxySG, using the bandwidth classes that you create. You must use policy 
(through either VPM or CPL) in order to manage bandwidth. 


Bypass Lists 


The bypass list allows you to exempt IP addresses from being proxied by the 
ProxySG. The bypass list allows either <All> or a specific IP prefix entry for 
both the client and server columns. Both UDP and TCP traffic is 
automatically exempted. 


Byte-Range Support 


The ability of the ProxySG to respond to byte-range requests (requests with a Range: 
HTTP header). 


Cache-hit 


An object that is in the ProxySG and can be retrieved when an end user requests the 
information. 


Cache-miss 


An object that can be stored but has never been requested before; it was not in the 
ProxySG to start, so it must be brought in and stored there as a side effect of 
processing the end-user's request. If the object is cacheable, it is stored and served the 
next time it is requested. 


Child Class (Bandwidth 
Gain) 


The child of a parent class is dependent upon that parent class for available 
bandwidth (they share the bandwidth in proportion to their minimum/maximum 
bandwidth values and priority levels). A child class with siblings (classes with the 
same parent class) shares bandwidth with those siblings in the same manner. 


Client consent certificates 


A certificate that indicates acceptance or denial of consent to decrypt an end user's 
HTTPS request. 


Compression 


An algorithm that reduces a file's size but does not lose any data. The ability to 
compress or decompress objects in the cache is based on policies you create. 
Compression can have a huge performance benefit, and it can be customized based 
on the needs of your environment: whether CPU is more expensive (the default 
assumption), server-side bandwidth is more expensive, or whether client-side 
bandwidth is more expensive. 


Default Proxy Listener 


See "Proxy Service (Default)" on page 93. 


Detect Protocol Attribute 


Detects the protocol being used. Protocols that can be detected include: 

HTTP, P2P (eDonkey, BitTorrent, FastTrack, Gnutella), SSL, and Endpoint Mapper. 


Directives 


Directives are commands that can be used in installable lists to configure forwarding. 
See also Forwarding Configuration. 


Display Filter 


The display filter is a drop-down list at the top of the Proxy Services pane that allows 
you to view the created proxy services by service name or action. 


Early Intercept Attribute 


Controls whether the proxy responds to client TCP connection requests before 
connecting to the upstream server. When early intercept is disabled, the proxy delays 
responding to the client until after it has attempted to contact the server. 


Emulated Certificates 


Certificates that are presented to the user by ProxySG when intercepting 
HTTPS requests. Blue Coat emulates the certificate from the server and signs 
it, copying the subjectName and expiration. The original certificate is used 
between the ProxySG and the server. 


ELFF-compatible format 


A log type defined by the W3C that is general enough to be used with any protocol. 


Encrypted Log 


A log is encrypted using an external certificate associated with a private key. 
Encrypted logs can only be decrypted by someone with access to the private key. The 
private key is not accessible to the ProxySG. 


explicit proxy 


A configuration in which the browser is explicitly configured to communicate with 
the proxy server for access to content. 

This is the default for the ProxySG, and requires configuration for both browser and 
the interface card. 


Fail Open/Closed 


Failing open or closed applies to forwarding hosts and groups and SOCKS gateways. 
Fail Open/Closed applies when the health checks are showing sick for each 
forwarding or SOCKS gateway target in the applicable fail-over sequence. If no 
systems are healthy, the ProxySG fails open or closed, depending on the 
configuration. If closed, the connection attempt simply fails. 

If open, an attempt is made to connect without using any forwarding target (or 
SOCKS gateway). Fail open is usually a security risk; fail closed is the default if no 
setting is specified. 


Forwarding Configuration 


Forwarding can be configured through the CLI or through adding directives to a text 
file and installing it as an installable list. Each of these methods (the CLI or using 
directives) is equal. You cannot use the Management Console to configure 
forwarding. 


Forwarding Host 


Upstream Web servers or proxies. 


forward proxy 


A proxy server deployed close to the clients and used to access many servers. A 
forward proxy can be explicit or transparent. 


Freshness 


A percentage that reflects the objects in the ProxySG cache that are expected to be 
fresh; that is, the content of those objects is expected to be identical to that on the OCS 
(origin content server). 


Gateway 


A device that serves as entrance and exit into a communications network. 


Global Default Settings 


You can configure settings for all forwarding hosts and groups. These are called the 
global defaults. You can also configure private settings for each individual 
forwarding host or group. Individual settings override the global defaults. 


FTP 


See Native FTP; Web FTP. 


Host Affinity 


Host affinity is the attempt to direct multiple connections by a single user to the same 
group member. Host affinity is closely tied to load balancing behavior; both should 
be configured if load balancing is important. 


Host Affinity Timeout 


The host affinity timeout determines how long a user remains idle before the 
connection is closed. The timeout value checks the user's IP address, SSL ID, or 
cookie in the host affinity table. 


Inbound Traffic (Bandwidth 
Gain) 


Network packets flowing into the ProxySG. Inbound traffic mainly consists of the 
following: 

• Server inbound: Packets originating at the origin content server (OCS) and sent to 
the ProxySG to load a Web object. 

• Client inbound: Packets originating at the client and sent to the ProxySG 
for Web requests. 


Installable Lists 


Installable lists, comprised of directives, can be placed onto the ProxySG in one of 
several methods: through creating the list through the ProxySG text editor, by 
placing the list at an accessible URL, or by downloading the directives file from the 
local system. 


Integrated Host Timeout 


An integrated host is an Origin Content Server (OCS) that has been added to the 
health check list. The host, added through the integrate new hosts property, 
ages out of the integrated host table after being idle for the specified time. The default 
is 60 minutes. 


IP Reflection 


Determines how the client IP address is presented to the origin server for explicitly 
proxied requests. All proxy services contain a reflect-ip attribute, which enables or 
disables sending of client's IP address instead of the ProxySG's IP address. 


Issuer keyring 


The keyring that is used by the ProxySG to sign emulated certificates. The keyring is 
configured on the ProxySG and managed through policy. 


Listener 


The service that is listening on a specific port. A listener can be identified by any 
destination IP/subnet and port range. Multiple listeners can be added to 
each service. 


Load Balancing 


The ability to share traffic requests among multiple upstream targets. Two methods 
can be used to balance the load among systems: least-connections or round-robin. 


Log Facility 


A separate log that contains a single logical file and supports a single log format. It 
also contains the file's configuration and upload schedule information as well as 
other configurable information such as how often to rotate (switch to a new log) the 
logs at the destination, any passwords needed, and the point at which the facility can 
be uploaded. 


Log Format 


The type of log that is used: NCSA/Common, SQUID, ELFF, SurfControl, or 
Websense. 

The proprietary log types each have a corresponding pre-defined log format that has 
been set up to produce exactly that type of log (these logs cannot be edited). In 
addition, a number of other ELFF type log formats are also pre-defined (im, main, 
p2p, ssl, streaming). These can be edited, but they start out with a useful set of log 
fields for logging particular protocols understood by the ProxySG. It is also possible 
to create new log formats of type ELFF or Custom which can contain any desired 
combination of log fields. 


Log Tail 


The access log tail shows the log entries as they get logged. With high traffic on the 
ProxySG, not all access log entries are necessarily displayed. However, you can view 
all access log information after uploading the log. 


Maximum Object Size 


The maximum object size stored in the ProxySG. All objects retrieved that are greater 
than the maximum size are delivered to the client but are not stored in the ProxySG. 


NCSA common log format 


A log type that contains only basic HTTP access information. 


Negative Responses 


An error response received from the OCS when a page or image is requested. If the 
ProxySG is configured to cache such negative responses, it returns that response in 
subsequent requests for that page or image for the specified number of minutes. If it 
is not configured, which is the default, the ProxySG attempts to retrieve the page or 
image every time it is requested. 


Native FTP 


Native FTP involves the client connecting (either explicitly or transparently) using 
the FTP protocol; the ProxySG then connects upstream through FTP (if necessary). 


Outbound Traffic 
(Bandwidth Gain) 


Network packets flowing out of the ProxySG. Outbound traffic mainly consists of the 
following: 

• Client outbound: Packets sent to the client in response to a Web request. 

• Server outbound: Packets sent to an OCS or upstream proxy to request a service. 


Origin Content Server (OCS) 




Parent Class (Bandwidth 
Gain) 


A class with at least one child. The parent class must share its bandwidth with its 
child classes in proportion to the minimum/maximum bandwidth values or priority 
levels. 


PASV 


Passive Mode Data Connections. Data connections initiated by an FTP client to 
an FTP server. 


proxy 


Caches content, filters traffic, monitors Internet and intranet resource usage, blocks 
specific Internet and intranet resources for individuals or groups, and enhances the 
quality of Internet or intranet user experiences. 

A proxy can also serve as an intermediary between a Web client and a Web server 
and can require authentication to allow identity based policy and logging for the 
client. 

The rules used to authenticate a client are based on the policies you create on the 
ProxySG, which can reference an existing security infrastructure — LDAP, RADIUS, 
IWA, and the like. 


Proxy Service 


The proxy service defines the ports, as well as other attributes, that are used by the 
proxies associated with the service. 


Proxy Service (Default) 


The default proxy service is a service that intercepts all traffic not otherwise 
intercepted by other listeners. It only has one listener whose action can be set to 
bypass or intercept. No new listeners can be added to the default proxy service, and 
the default listener and service cannot be deleted. Service attributes can be changed. 


realms 


A realm is a named collection of information about users and groups. The name is 
referenced in policy to control authentication and authorization of users for access to 
Blue Coat Systems ProxySG services. Multiple authentication realms can be used on 
a single ProxySG. Realm services include IWA, LDAP, Local, and RADIUS. 


Reflect Client IP Attribute 


Enables the sending of the client's IP address instead of the ProxySG's IP address to 
the upstream server. If you are using an Application Delivery Network (ADN), this 
setting is enforced on the concentrator proxy through the Configuration>App. 
Delivery Network>Tunneling tab. 


Refresh Bandwidth 


The amount of bandwidth used to keep stored objects fresh. By default, the ProxySG 
is set to manage refresh bandwidth automatically. You can configure refresh 
bandwidth yourself, although Blue Coat does not recommend this. 


reverse proxy 


A proxy that acts as a front-end to a small number of pre-defined servers, typically to 
improve performance. Many clients can use it to access the small number of 
predefined servers. 


rotate logs 


When you rotate a log, the old log is no longer appended to the existing log, and a 
new log is created. All the facility information (headers for passwords, access log 
type, and so forth), is re-sent at the beginning of the new upload. 

If you're using Reporter (or anything that doesn't understand the concept of "file," 
such as streaming) the upload connection is broken and then re-started, and, again, 
the headers are re-sent. 


serial console 


A device that allows you to connect to the ProxySG when it is otherwise unreachable, 
without using the network. It can be used to administer the ProxySG through the 
CLI. You must use the CLI to use a serial console. 

Anyone with access to the serial console can change the administrative access 
controls, so physical security of the serial console is critical. 


Server Certificate Categories 


The hostname in a server certificate can be categorized by BCWF or another content 
filtering vendor to fit into categories such as banking, finance, sports. 


Sibling Class (Bandwidth 
Gain) 


A bandwidth class with the same parent class as another class. 


SOCKS Proxy 


A generic way to proxy TCP and UDP protocols. The ProxySG supports both 
SOCKSv4/4a and SOCKSv5; however, because of increased username and password 
authentication capabilities and compression support, Blue Coat recommends that 
you use SOCKS v5. 


SmartReporter log type 


A proprietary ELFF log type that is compatible with the SmartFilter SmartReporter 
tool. 


Split proxy 


Employs co-operative processing at the branch and the core to implement 
functionality that is not possible in a standalone proxy. Examples of split 
proxies include: 

Mapi Proxy 
SSL Proxy 


SQUID-compatible format 


A log type that was designed for cache statistics. 


SSL 


A standard protocol for secure communication over the network. Blue Coat 
recommends using this protocol to protect sensitive information. 


SSL Interception 


Decrypting SSL connections. 


SSL Proxy 


A proxy that can be used for any SSL traffic (HTTPS or not), in either forward or 
reverse proxy mode. 


static routes 


A manually-configured route that specifies the transmission path a packet must 
follow, based on the packet's destination address. A static route specifies a 
transmission path to another network. 


SurfControl log type 


A proprietary log type that is compatible with the SurfControl reporter tool. The 
SurfControl log format includes fully-qualified usernames when an NTLM realm 
provides authentication. The simple name is used for all other realm types. 


Traffic Flow (Bandwidth 
Gain) 


Also referred to as flow. A set of packets belonging to the same TCP/UDP connection 
that terminate at, originate at, or flow through the ProxySG. A single request from a 
client involves two separate connections. One of them is from the client to the 
ProxySG, and the other is from the ProxySG to the OCS. Within each of these 
connections, traffic flows in two directions — in one direction, packets flow out of the 
ProxySG (outbound traffic), and in the other direction, packets flow into the 
ProxySG (inbound traffic). Connections can come from the client or the server. Thus, 
traffic can be classified into one of four types: 

• Server inbound 

• Server outbound 

• Client inbound 

• Client outbound 

These four traffic flows represent each of the four combinations described above. 
Each flow represents a single direction from a single connection. 


transparent proxy 


A configuration in which traffic is redirected to the ProxySG without the knowledge 
of the client browser. No configuration is required on the browser, but network 
configuration, such as an L4 switch or a WCCP-compliant router, is required. 


Variants 


Objects that are stored in the cache in various forms: the original form, fetched from 
the OCS; the transformed (compressed or uncompressed) form (if compression is 
used). If a required compression variant is not available, then one might be created 
upon a cache-hit. (Note: policy-based content transformations are not stored in the 
ProxySG.) 


Web FTP 


Web FTP is used when a client connects in explicit mode using HTTP and 
accesses an ftp:// URL. The ProxySG translates the HTTP request into an 
FTP request for the OCS (if the content is not already cached), and then 
translates the FTP response with the file contents into an HTTP response for 
the client. 


Websense log type 


A proprietary log type that is compatible with the Websense reporter tool. 


Wildcard Services 


When multiple non-wildcard services are created on a port, all of them must be of the 
same service type (a wildcard service is one that is listening for that port on all IP 
addresses). If you have multiple IP addresses and you specify IP addresses for a port 
service, you cannot specify a different protocol if you define the same port on another 
IP address. For example, if you define HTTP port 80 on one IP address, you can only 
use the HTTP protocol on port 80 for other IP addresses. 

Also note that wildcard services and non-wildcard services cannot both exist at the 
same time on a given port. 

For all service types except HTTPS, a specific listener cannot be posted on a port if 
the same port has a wildcard listener of any service type already present. 